Senior Cyber Defense Threat Engineer

Request Technology - Craig Johnson



*We are unable to sponsor for this permanent Full time role*

*Position is bonus eligible*

Prestigious Financial Institution is currently seeking a Sr. Cyber Defense Threat Engineer. Candidate will be responsible for the in-depth analysis and response to security incidents escalated from Tier 1 analysts. This role involves investigating complex security events, identifying potential threats, and implementing measures to mitigate risks. The Tier 2 analyst plays a critical role in maintaining the security posture of the organization by leveraging advanced threat intelligence and incident response techniques.

Responsibilities:

  • Monitor security alerts and events from various security tools and technologies.
  • Perform advanced analysis of security logs, network traffic, and endpoint data.
  • Review and respond to security incidents escalated by Tier 1 analysts.
  • Conduct thorough investigations to determine the scope and impact of security incidents.
  • Implement containment, eradication, and recovery measures for confirmed incidents.
  • Document and report findings, actions taken, and lessons learned.
  • Work closely with threat intelligence team to enhance detection and response capabilities.
  • Collaborate with other security team members and IT staff to address security incidents.
  • Provide guidance and support to Tier 1 analysts on complex security issues.
  • Communicate effectively with stakeholders regarding security incidents and mitigation efforts.
  • Participate in post-incident reviews to identify areas for improvement.
  • Stay current with the latest cybersecurity trends, threats, and technologies.
  • Contribute to the development and enhancement of SOC processes and procedures.

Qualifications:

  • Proven team player; will work primarily with other staff members, on both long-term projects and rapid response under tight deadlines.
  • Team Leadership experience, taking initiative; providing and following through on solutions across various skillsets.
  • Knowledge and experience implementing controls based on security regulation (e.g., NIST Cybersecurity Framework) is a plus.
  • Effective and excellent oral and written communication, analytical, judgment and consultation skills.
  • Ability to effectively communicate in both formal and informal review settings with all levels of management.
  • Ability to work with local and remote IT staff/management, vendors and consultants.
  • Ability to work independently and possess strong project management skills.
  • Log analysis and security content development in SIEM solutions (Splunk, IBM QRadar, LogRhythm, etc.).
  • SOAR products such as Splunk SOAR, Cortex XSOAR, FortiSOAR, etc. SOAR playbook development experience is a plus.
  • Endpoint detection and response tools, e.g., CrowdStrike, SentinelOne, Microsoft Defender, etc.
  • Incident Response playbook development, managing security incident analysis and remediation.
  • Network-based preventative and detective technologies (IDS/IPS, firewalls, proxy servers).
  • Standard technical writing tools including MS Word, Excel, Project and Visio.
  • Vulnerability assessment tools (Qualys, Nessus, nmap, etc.).
  • Directory services, LDAP, and their inherent security (Active Directory, CA Directory, Entra ID).
  • Client Server platforms including Sun Solaris, Windows, Linux.
  • Operating system hardening procedures (Solaris, Linux, Windows, etc.).
  • Web Application Firewalls.
  • Cloud-based security tools and techniques (AWS, Azure, GCP, etc.).
  • Scripting and development activities to appropriately leverage Application Programming Interfaces (APIs) to optimize integrations between disparate security monitoring and analysis devices.

Education and Experience:

  • Bachelor's degree in cybersecurity, computer science, or another related field.
  • Minimum three years of information security experience, preferably in the financial services industry.
  • Hands-on security operations experience including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming Languages.
  • Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives.
  • Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure.
  • Industry knowledge of leading-edge security technologies and methods.
  • Shift work and on-call response duties are required, including availability for 24x7 on-call support responsibilities.
  • Previous people/project management experience is a plus.
  • Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CASP+.

Company description

Job offer details

13 Dec 2024

Job location

Chicago, Illinois

Job type

Full time

Job category

Information technology, Telecommunications

Monthly salary