Description Of Duties / Essential Functions
Duties, functions and responsibilities of this position include:
· Supports cyber security initiatives through both predictive and reactive analysis
· Performs threat and vulnerability assessments and provides subject matter expertise on appropriate threat mitigation approaches
· Identifies intrusion activity by leveraging alert data from multiple sensors and systems and determines priority for response
· Monitors, evaluates, and assists with the maintenance of assigned security systems in accordance with industry best practices to safeguard internal information systems and databases
· Uses attack signatures and tactics, techniques and procedures (TTPs) to aid in threat detection and discovery
· Conducts basic malware analysis of attacker tools and identifies indicators of compromise (IOCs)
· Collaborates with other Cyber Division and IT team members to develop and implement innovative strategies for monitoring and preventing attacks
· Conducts research on emerging security threats
· Proposes additional components and techniques that could be used to proactively detect and prevent malicious activity
· Manages the SOC mailbox, monitors and analyzes emails for threats including phishing and malware, and escalates per procedures
· Participates in the investigations of information security incidents and may prepare reports on intrusions as required
· Maintains an understanding of the current threats, vulnerabilities, response and mitigation strategies used to support cyber security operations
· Logs and records all security incidents to internal ticketing system
· Collects malware artifacts safely for analysis and incident investigations
· Examines suspicious emails for malicious content and provides recommendations on remediation actions
· Performs URL/domain analysis to identify and report any malicious indicators associated with the resource and evaluates associated risks
· Provides other services as a key member of the Cyber Division including but not limited to:
o Information security review and approval of changes to company networks, servers and end devices in collaboration with the Infrastructure Division
o Security sensor policies for IDS/IPS, Firewalls, web security gateways and logging
o Continuous control monitoring including baseline security configuration monitoring
o Investigations and forensics
There are no major sources of discomfort, i.e., essentially normal office environment with acceptable lighting, temperature and air conditions. Significant time spent using computer display, keyboard, and mouse.
Associate's degree in Computer Science, Management and Information Systems (MIS), Business or a related field. System-specific technical certifications may be considered a substitution for Associate's degree.
Experience in IT security, infrastructure or applications may be substituted for the education requirement on a year-for-year basis.
At least 18 months of technology experience in IT security or supporting security aspects of IT infrastructure or applications teams.
Must be able to pass a criminal background check, obtain and maintain federally mandated security clearances where required.
The candidate must have the following knowledge, skills and abilities:
· Knowledgeable of the Cyber Kill Chain and the Diamond Model of Intrusion Analysis
· Knowledge of SIEM, IDS, anti-virus/anti-malware and firewall technologies
· Understanding of networking and TCP/IP
· Experience with a wide variety of operating systems: Windows Server, Windows 10, Windows 7, Linux etc.
· Ability to troubleshoot technical and security related issues
· Experience working in a rapidly changing, high intensity environment
· Avid, proactive learner with the ability to work well in a team-based environment
· Strong interpersonal and writing skills
· Candidate required to obtain Security+ certification during first year of employment