|Preferred GIAC Certifications||GSEC, GCDA, GDAT, GCWN, GCIH|
- Perform vulnerability assessments and reviews; facilitating remediation planning, exposure tracking, communicating risk, and reporting on mitigation status
- Lead the development of security control assessments for common platforms and the implementation of findings from said assessments
- Facilitate Incident Response activities as a Subject Matter Expert through the Incident Response life-cycle
- Participate in the administration of security implementations (EPP/EDR, IPS/IDS, SIEM, etc.)
- Support the ongoing administration, design and use of the Security Information & Event Monitoring platform, ensuring audit trails, system logs and other monitoring data is reviewed and actionable.
- Support the ongoing administration, design and user of network segmentation tools and underlying concepts.
- Provides security architecture knowledge and design concepts to Information Technology and Development teams.
- Apply or recommend adaptive security measures based on investigative findings and threat monitoring
- Participate in and coordinates application security reviews, working with third party assessors and application owners to identify and remediate findings
- Performs second level investigation into user reported threats such as phishing, machine compromise, advanced threats, etc.
- Advise management on best practices, current trends, and pertinent changes in internal/external threats and opportunities for improvement. Presents action plans for implementation and approval
- Perform threat hunting based on Tactics, Techniques and Procedures (TTPs) and threat reporting from information sharing organizations (US-CERT, FS-ISAC, etc.)
- Provide technical expertise to support vendor and project reviews.
- Performs all other duties and special projects as assigned.
Preferred Technology Experience:
- Experience with network segmentation tools like Illumio, Guardicore, Zscaler ZWS, Cisco Tetration/ACI
- Significant Experience with SIEM technologies: Elasticsearch, Winlogbeat, Logstash, LogRhythm, Sigma
- Behavioral Endpoint Protection solutions: Cylance, SentinelOne, Crowdstrike
- Vulnerability Assessment services: Nexpose/InsightVM, Nessus, Qualys
- Network Detection Tools: Bro (Zeke), Suricata, Security Onion, etc.
- Firewall Technologies: Cisco ASA, Cisco Firepower, Palo Alto
- Familiar with any of Bash, Python, PowerShell