
SANS ISC: InfoSec Jobs - SECURITY INTELLIGENCE AND RESPONSE ENGINEER Sacramento GISP, GCIH, GCFA InfoSec Jobs


SECURITY INTELLIGENCE AND RESPONSE ENGINEER
Company California Department of Corrections and Rehabilitation
Location Sacramento
Preferred GIAC Certifications GISP, GCIH, GCFA
Travel 10%
Salary $70000 - $92000
URL https://jobs.ca.gov/CalHrPublic/Jobs/JobPosting.aspx?JobControlId=69164
Contact Name Anonymous
Contact Email vitaliy.panych/at/cdcr.ca.gov
Expires 2017-10-08

Job Description

The CDCR Security Intelligence and Operations Center (SIOC) will lead every aspect of security for one of the most technologically driven correctional and law enforcement operations. Its members will coordinate with private, state and federal entities to secure some of the most confidential and sensitive crime and safety information in California. These positions will be at the leading edge of counteracting hacker attacks, performing ongoing red-team engagements, proactive insider threat hunting, incident response, cyber threat intelligence collection and analysis, and defense countermeasure implementation. The mission of this team is critical to California: it enhances public safety by protecting the privacy and civil liberties of all individuals, safeguarding sensitive information, preserving confidentiality, and enabling the Agency to proactively enforce safety, innovate law enforcement, and detect, investigate, respond to, and prevent cyberattacks that threaten public health and safety, correctional operations, and rehabilitation efforts. The SIOC supports Agency-wide goals and ensures a secure computing environment that provides availability, confidentiality and integrity of correctional and rehabilitative information.

Implement technical activities for the Cyber Security Intelligence and Operations Center (SIOC), including initial capabilities and continuous improvement of functions within the SIOC and the ISO. The SIOC SSS II (Tech) facilitates activities and implements practices to hunt for malicious insider behaviors and to define and provide the response. Ensure that hunting for threats and vulnerabilities is well defined and documented. The incumbent initiates and refines team processes and functions for threat hunting of malicious and criminal activity across internal and external digital assets, shares knowledge with security peers, performs digital forensics and threat intelligence analysis for indications and warnings, and contributes to remediation and hardening efforts. The incumbent also provides development and guidance within information security policy, law enforcement and investigation, IT architecture, operations, administration, compliance and audit support; provides offensive security research, including vulnerability discovery and exploit proof of concept for hardware and software solutions used in a correctional environment; and conducts responsible vulnerability disclosure and facilitates remediation with internal stakeholders and vendors. Act as a subject matter expert for an allocated geographic and/or thematic area, closely following open source and closed intelligence source reporting on associated actor groups (nation-state, criminal, hacktivist, and terrorist), exploits, vulnerabilities, incidents and campaigns.

Create security strategies and architect secure solutions, including but not limited to cloud deployments, overseeing the implementation of host-based security and system hardening, and managing the deployment of security services including remote access, penetration testing, security architecture, threat hunting, fraud detection, network security, scanning services, log management, and security monitoring/systems. Evangelize security policy and best practice within and outside of CDCR. The SIOC lead enhances the skills of the team to develop policies and procedures that ensure security awareness, risk mitigation and compliance to enhance CDCR's security posture. Serve as an active member of the Computer Security Incident Response Team (CSIRT), enabling the team to provide technical analysis and identify remediation procedures. Identify, develop, manage, and leverage external relationships to enhance intelligence collection efforts. Lead investigations of intrusions and other relevant events, and develop and present expertise on sophisticated and detailed aspects of the evolving threat landscape. Produce high quality written reports documenting case details, developments and outcomes.