• Remote operational support position to identify, investigate, contain and remediate security incidents using existing tools, including but not limited to SIEM, endpoint protection, IDS/IPS, DLP, web gateway and proxy appliances, and vulnerability scanners.
signature-based threat detection and prevention, anti-botnet prevention, vulnerability detection, stateful inspection, virtual private networks and secure proxies, access control systems, open-source and enterprise forensic tools, SIEM, anti-virus or advanced threat detection, etc.
• Advanced troubleshooting skills
• Experience in design and development; cross-system technical knowledge; subject matter expertise in one or more technical areas; demonstrated knowledge of technologies beyond the core focus of initial study
Daily Tasks Performed
• Identify, investigate, contain and remediate security incidents using existing tools within the SIEM
• Create, test and deploy new access control rules and signatures, then validate the results via a post-deployment report
• Evaluate risk to the company and apply this methodology to active incidents
• Strong analytic and critical-thinking skills and subject matter expertise
• Attend operational and status calls (as needed)
5 to 7 years of combined IT and security work experience with a broad range of exposure to systems analysis, applications development, database design and administration
1 to 2 years of experience with Information Security
• BA/BS in Information Technology, Computer Science or a related field, or equivalent work experience
• Understanding of security subjects
• Knowledge of security policies and the ability to interpret them
• Understanding of a specific security application or tool and how it works
• Ability to assess security safeguards
• Ability to deal with threats and intermediate-level incidents
• Ability to deal with intrusions at a moderate threat level
• Knowledge of information security principles, including risk assessment
• Must be able to perform hands-on support for a wide range of security technologies, including but not limited to: Security Information and Event Management (SIEM), IDS/IPS, Managed Security Services (MSS), behavior detection, vulnerability scanning and Data Loss Prevention (DLP) programs
• Leads technical direction in designing and implementing security solutions for the security technical infrastructure
• Must be able to clearly articulate ideas and solutions during incidents