Microsoft Sentinel Engineer/L3 SOC Analyst Akkodis are currently working in partnership with a leading service provider to recruit an experienced Microsoft Sentinel Engineer with expertise of Microsoft Sentinel and QRadar to join their growing security team during an exciting period of change. Please note this is a fully remote role and you must be eligible to gain security clearance (do not need to hold currently). The Role As a Microsoft Sentinel Engineer you will be responsible for handing security incidents received/escalated for the Junior Analysts in the team. You will aid in triaging threat intelligence from multiple sources and add contextual information to the security incident, perform additional analysis and based on the business impact will recommend the response actions and escalation path. You will also have the opportunity to support the initial implementation of new security related Microsoft technologies, including Microsoft Sentinel, MDE, MDI and Defender for Cloud. The Responsibilities Oversee completion of day-to-day checklist(s), including log review, management report scheduling & running, alert analysis, and escalation follow up Remain current on cyber security trends and intelligence (open source and commercial) in order to guide the security analysis & identification capabilities of the CSOC team Provide oversight, guidance and mentoring to L2 & L3 analysts, and fulfil SOC Manager responsibilities in the absence of the SOC Manager Manage a number of analysts as part of a virtual team of L1 and L2 analysts, including objectives setting, performance management/reviews, training & development, and BAU activities including shift cover etc. Perform advanced event and incident analysis, including baseline establishment and trend analysis. Support on-call arrangements as part of a Rota, to support L1 Analysts working out of hours Support Major Incident Response activity, from a Protective Monitoring perspective, including supporting teams in identification, containment, and remediation of security related threat. Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity. Identify, create and implement improvements to procedures and processes, with the SOC Manager's approval. Identify opportunities for SOC and client SIEM platform configuration improvements, use case development, monitoring rule creation, tuning & optimisation Assist in architectural design to facilitate the onboarding of new information systems, including the assessment, parsing, onboarding of log sources, and use case and rule development. The Requirements Senior Cyber Security and security operations experience Experience in managing Microsoft Sentinel, including Lighthouse Experience of onboarding, tuning, reporting and configuring SIEM solutions Experience of threat intelligence Leadership and mentoring experience and skills Understanding of low-level concepts including operating systems and networking Commercial experience in Penetration Testing and/or Security Monitoring Understanding of networking and infrastructure design Active or ability to obtain SC clearance Knowledge/experience of DevOps would be hugely beneficial If you are looking for an exciting new challenge to join a leading SOC team please apply now. Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
19/12/2024
Full time
Microsoft Sentinel Engineer/L3 SOC Analyst Akkodis are currently working in partnership with a leading service provider to recruit an experienced Microsoft Sentinel Engineer with expertise of Microsoft Sentinel and QRadar to join their growing security team during an exciting period of change. Please note this is a fully remote role and you must be eligible to gain security clearance (do not need to hold currently). The Role As a Microsoft Sentinel Engineer you will be responsible for handing security incidents received/escalated for the Junior Analysts in the team. You will aid in triaging threat intelligence from multiple sources and add contextual information to the security incident, perform additional analysis and based on the business impact will recommend the response actions and escalation path. You will also have the opportunity to support the initial implementation of new security related Microsoft technologies, including Microsoft Sentinel, MDE, MDI and Defender for Cloud. The Responsibilities Oversee completion of day-to-day checklist(s), including log review, management report scheduling & running, alert analysis, and escalation follow up Remain current on cyber security trends and intelligence (open source and commercial) in order to guide the security analysis & identification capabilities of the CSOC team Provide oversight, guidance and mentoring to L2 & L3 analysts, and fulfil SOC Manager responsibilities in the absence of the SOC Manager Manage a number of analysts as part of a virtual team of L1 and L2 analysts, including objectives setting, performance management/reviews, training & development, and BAU activities including shift cover etc. Perform advanced event and incident analysis, including baseline establishment and trend analysis. Support on-call arrangements as part of a Rota, to support L1 Analysts working out of hours Support Major Incident Response activity, from a Protective Monitoring perspective, including supporting teams in identification, containment, and remediation of security related threat. Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity. Identify, create and implement improvements to procedures and processes, with the SOC Manager's approval. Identify opportunities for SOC and client SIEM platform configuration improvements, use case development, monitoring rule creation, tuning & optimisation Assist in architectural design to facilitate the onboarding of new information systems, including the assessment, parsing, onboarding of log sources, and use case and rule development. The Requirements Senior Cyber Security and security operations experience Experience in managing Microsoft Sentinel, including Lighthouse Experience of onboarding, tuning, reporting and configuring SIEM solutions Experience of threat intelligence Leadership and mentoring experience and skills Understanding of low-level concepts including operating systems and networking Commercial experience in Penetration Testing and/or Security Monitoring Understanding of networking and infrastructure design Active or ability to obtain SC clearance Knowledge/experience of DevOps would be hugely beneficial If you are looking for an exciting new challenge to join a leading SOC team please apply now. Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
Group GRC Lead Permanent Salary: Between £75,000 - £80,000 per annum Location: Leeds Working Arrangement: Hybrid - 2 days in office per week Your new company I'm currently looking for a GRC Lead to report into the CISO of an international law firm. This role can be completed on a hybrid basis from offices in Leeds, Birmingham, Cardiff or London. The ideal candidate will have experience of 3rd party Governance Risk and Compliance management (clients, suppliers, vendors), people management experience, and a go-getter, enthusiastic and engaging personality. Your new role will involve Reporting to the CISO (and C-suite in general) on the current state of the firm's Cyber Security from a Governance Risk and Compliance perspective Assisting in the identification and support of 3rd party compliance requirements Managing a small team of IT compliance analysts Spearheading an international Cyber Security Awareness programme Implementing NIST and maintaining ISO27001 certification Maintaining a contemporary knowledge of current threats and cyber trends 3rd party and internal risk management Fostering a risk aware culture among stakeholders and across the firm Providing strategic advice and input on the firm's cyber security strategy What you'll need to succeed Proven experience of 3rd party GRC leadership work, ideally in legal or professional services, but large-scale complex organisations will work too Line management experience A go-getter, engaging and enthusiastic personality Experience implementing NIST would be useful Strong Governance Risk and Compliance (GRC) knowledge, understanding and skill set Excellent leadership ability and communication skills Strong stakeholder engagement and management ability What you'll get in return Between £75,000 - £80,000 per annum 10% discretionary bonus 26 days annual leave - Buy and Sell Scheme Private health care More great benefits What you need to do now If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
19/12/2024
Full time
Group GRC Lead Permanent Salary: Between £75,000 - £80,000 per annum Location: Leeds Working Arrangement: Hybrid - 2 days in office per week Your new company I'm currently looking for a GRC Lead to report into the CISO of an international law firm. This role can be completed on a hybrid basis from offices in Leeds, Birmingham, Cardiff or London. The ideal candidate will have experience of 3rd party Governance Risk and Compliance management (clients, suppliers, vendors), people management experience, and a go-getter, enthusiastic and engaging personality. Your new role will involve Reporting to the CISO (and C-suite in general) on the current state of the firm's Cyber Security from a Governance Risk and Compliance perspective Assisting in the identification and support of 3rd party compliance requirements Managing a small team of IT compliance analysts Spearheading an international Cyber Security Awareness programme Implementing NIST and maintaining ISO27001 certification Maintaining a contemporary knowledge of current threats and cyber trends 3rd party and internal risk management Fostering a risk aware culture among stakeholders and across the firm Providing strategic advice and input on the firm's cyber security strategy What you'll need to succeed Proven experience of 3rd party GRC leadership work, ideally in legal or professional services, but large-scale complex organisations will work too Line management experience A go-getter, engaging and enthusiastic personality Experience implementing NIST would be useful Strong Governance Risk and Compliance (GRC) knowledge, understanding and skill set Excellent leadership ability and communication skills Strong stakeholder engagement and management ability What you'll get in return Between £75,000 - £80,000 per annum 10% discretionary bonus 26 days annual leave - Buy and Sell Scheme Private health care More great benefits What you need to do now If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
Security Engineer Salary: $140k-$150k + bonus Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 3+ years of related experience Hands-on security operations experience including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming languages, Incident Response. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Responsibilities Monitor security alerts and events from various security tools and technologies. Perform advanced analysis of security logs, network traffic, and endpoint data. Review and respond to security incidents escalated by Tier 1 analysts. Conduct thorough investigations to determine the scope and impact of security incidents. Implement containment, eradication, and recovery measures for confirmed incidents. Document and report findings, actions taken, and lessons learned.
18/12/2024
Full time
Security Engineer Salary: $140k-$150k + bonus Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 3+ years of related experience Hands-on security operations experience including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming languages, Incident Response. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Responsibilities Monitor security alerts and events from various security tools and technologies. Perform advanced analysis of security logs, network traffic, and endpoint data. Review and respond to security incidents escalated by Tier 1 analysts. Conduct thorough investigations to determine the scope and impact of security incidents. Implement containment, eradication, and recovery measures for confirmed incidents. Document and report findings, actions taken, and lessons learned.
Security Engineer Salary: $140k-$150k + bonus Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 3+ years of related experience Hands-on security operations experience including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming languages, Incident Response. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Responsibilities Monitor security alerts and events from various security tools and technologies. Perform advanced analysis of security logs, network traffic, and endpoint data. Review and respond to security incidents escalated by Tier 1 analysts. Conduct thorough investigations to determine the scope and impact of security incidents. Implement containment, eradication, and recovery measures for confirmed incidents. Document and report findings, actions taken, and lessons learned.
17/12/2024
Full time
Security Engineer Salary: $140k-$150k + bonus Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 3+ years of related experience Hands-on security operations experience including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming languages, Incident Response. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Responsibilities Monitor security alerts and events from various security tools and technologies. Perform advanced analysis of security logs, network traffic, and endpoint data. Review and respond to security incidents escalated by Tier 1 analysts. Conduct thorough investigations to determine the scope and impact of security incidents. Implement containment, eradication, and recovery measures for confirmed incidents. Document and report findings, actions taken, and lessons learned.
Cyber Security Analyst - DV Cleared £65,000 - £70,000 per annum Yeovil - Onsite Job Description: We are looking for a Principal Cyber Security Analyst to join a Protective Monitoring Team at our Yeovil site. What you'll do as a Principal Cyber Security Analyst: Team Management : Provide direct line management, guide, and develop the SOC operations team, fostering a positive culture and ensuring continuous skill development. Mentorship and Development: Mentor and develop Junior Analysts, fostering a culture of continuous learning and innovation. Technical Leadership: Serve as the principal technical expert, ensuring efficient monitoring, detection, and response to security threats. Innovation and Continuous Improvement: Promote continuous improvement initiatives, staying at the forefront of cybersecurity practices. Tool and Technology Optimisation: Supervise the optimisation of critical security tools, ensuring they support proactive security postures. Incident Management and Response: Guide and support incident response efforts, providing expertise and guidance. Insider Threat Management: Manage and investigate Insider Threat cases upon request. Threat Hunting Leadership: Guide threat hunting teams during scheduled hunts, ensuring comprehensive threat detection. External Collaboration: Collaborate with external partners to enhance the SOC's defensive posture and ensure compliance with standards. Customer Network Oversight: Act as the technical expert for assigned customer networks, ensuring their security. Customer Engagement and Reporting: Provide weekly metrics reports and attend customer service reviews to offer technical insights. Cross-Functional Teamwork: Encourage collaboration with other departments to address security challenges with integrated solutions. What we need from you: We are looking for a motivated self-managed individual who is willing to help design and adapt a constantly evolving service; someone who can demonstrate exceptional analytical skills and liaise professionally with peers and customers even under pressure. You really must have: Experience in cyber security including protective monitoring and incident response, eg GIAC GMON, GCIA, GCIH or equivalent experience. SIEM (LogRhythm, Splunk, etc) and IDS (Snort) experience. Network and Host security experience. Threat intelligence. Threat Hunting. Excellent communications skills. Mentoring and coaching. Current DV clearance. It would be nice if you had: SANS SEC 503 Intrusion Detection in Depth or equivalent. SANS SEC 504 Incident Handling, Hacker Tools and Techniques or equivalent. SANS SEC 508 Advanced Incident Response, Threat Hunting, and Digital Forensics or equivalent. SANS SEC 511 Continuous Monitoring and Security Operations or equivalent. SANS LDR 551.
17/12/2024
Full time
Cyber Security Analyst - DV Cleared £65,000 - £70,000 per annum Yeovil - Onsite Job Description: We are looking for a Principal Cyber Security Analyst to join a Protective Monitoring Team at our Yeovil site. What you'll do as a Principal Cyber Security Analyst: Team Management : Provide direct line management, guide, and develop the SOC operations team, fostering a positive culture and ensuring continuous skill development. Mentorship and Development: Mentor and develop Junior Analysts, fostering a culture of continuous learning and innovation. Technical Leadership: Serve as the principal technical expert, ensuring efficient monitoring, detection, and response to security threats. Innovation and Continuous Improvement: Promote continuous improvement initiatives, staying at the forefront of cybersecurity practices. Tool and Technology Optimisation: Supervise the optimisation of critical security tools, ensuring they support proactive security postures. Incident Management and Response: Guide and support incident response efforts, providing expertise and guidance. Insider Threat Management: Manage and investigate Insider Threat cases upon request. Threat Hunting Leadership: Guide threat hunting teams during scheduled hunts, ensuring comprehensive threat detection. External Collaboration: Collaborate with external partners to enhance the SOC's defensive posture and ensure compliance with standards. Customer Network Oversight: Act as the technical expert for assigned customer networks, ensuring their security. Customer Engagement and Reporting: Provide weekly metrics reports and attend customer service reviews to offer technical insights. Cross-Functional Teamwork: Encourage collaboration with other departments to address security challenges with integrated solutions. What we need from you: We are looking for a motivated self-managed individual who is willing to help design and adapt a constantly evolving service; someone who can demonstrate exceptional analytical skills and liaise professionally with peers and customers even under pressure. You really must have: Experience in cyber security including protective monitoring and incident response, eg GIAC GMON, GCIA, GCIH or equivalent experience. SIEM (LogRhythm, Splunk, etc) and IDS (Snort) experience. Network and Host security experience. Threat intelligence. Threat Hunting. Excellent communications skills. Mentoring and coaching. Current DV clearance. It would be nice if you had: SANS SEC 503 Intrusion Detection in Depth or equivalent. SANS SEC 504 Incident Handling, Hacker Tools and Techniques or equivalent. SANS SEC 508 Advanced Incident Response, Threat Hunting, and Digital Forensics or equivalent. SANS SEC 511 Continuous Monitoring and Security Operations or equivalent. SANS LDR 551.
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an Associate Principal, Cyber Defense. This role is focused on threat intelligence, incident response, security alerts, events analysis, network traffic, etc. Responsibilities: Monitor security alerts and events from various security tools and technologies. Perform advanced analysis of security logs, network traffic, and endpoint data. Review and respond to security incidents escalated by Tier 1 analysts. Conduct thorough investigations to determine the scope and impact of security incidents. Implement containment, eradication, and recovery measures for confirmed incidents. Document and report findings, actions taken, and lessons learned. Work closely with threat intelligence team to enhance detection and response capabilities. Collaborate with other security team members and IT staff to address security incidents. Provide guidance and support to Tier 1 analysts on complex security issues. Communicate effectively with stakeholders regarding security incidents and mitigation efforts. Qualifications: Bachelor's degree in cybersecurity, computer science, or another related field. Minimum three years of information security experience, preferably in the financial services industry. Hands-on security operations experience including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming languages, Incident Response. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities. Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CASP+. Log analysis and security content development in SIEM solutions (Splunk, IBM QRadar, LogRhythm, etc.). SOAR products such as Splunk SOAR, Cortex XSOAR, FortiSOAR, etc. SOAR playbook development experience is a plus. Endpoint detection and response tools, eg CrowdStrike, SentinelOne, Microsoft Defender, etc. Incident Response playbook development, managing security incident analysis and remediation. Network-based preventative and detective technologies (IDS/IPS, Firewalls, Proxy Servers) Standard technical writing tools including MS Word, Excel, Project and Visio Vulnerability assessment tools (Qualys, Nessus, nmap, etc.). Directory services, LDAP, and their inherent security (Active Directory, CA Directory, Entra ID). Client Server platforms including Sun Solaris, Windows, Linux. Operating system hardening procedures (Solaris, Linux, Windows, etc.) Web Application Firewalls. Scripting and development activities to appropriately leverage Application Programing Interfaces (APIs) to optimize integrations between disparate security monitoring and analysis devices.
13/12/2024
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an Associate Principal, Cyber Defense. This role is focused on threat intelligence, incident response, security alerts, events analysis, network traffic, etc. Responsibilities: Monitor security alerts and events from various security tools and technologies. Perform advanced analysis of security logs, network traffic, and endpoint data. Review and respond to security incidents escalated by Tier 1 analysts. Conduct thorough investigations to determine the scope and impact of security incidents. Implement containment, eradication, and recovery measures for confirmed incidents. Document and report findings, actions taken, and lessons learned. Work closely with threat intelligence team to enhance detection and response capabilities. Collaborate with other security team members and IT staff to address security incidents. Provide guidance and support to Tier 1 analysts on complex security issues. Communicate effectively with stakeholders regarding security incidents and mitigation efforts. Qualifications: Bachelor's degree in cybersecurity, computer science, or another related field. Minimum three years of information security experience, preferably in the financial services industry. Hands-on security operations experience including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming languages, Incident Response. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities. Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CASP+. Log analysis and security content development in SIEM solutions (Splunk, IBM QRadar, LogRhythm, etc.). SOAR products such as Splunk SOAR, Cortex XSOAR, FortiSOAR, etc. SOAR playbook development experience is a plus. Endpoint detection and response tools, eg CrowdStrike, SentinelOne, Microsoft Defender, etc. Incident Response playbook development, managing security incident analysis and remediation. Network-based preventative and detective technologies (IDS/IPS, Firewalls, Proxy Servers) Standard technical writing tools including MS Word, Excel, Project and Visio Vulnerability assessment tools (Qualys, Nessus, nmap, etc.). Directory services, LDAP, and their inherent security (Active Directory, CA Directory, Entra ID). Client Server platforms including Sun Solaris, Windows, Linux. Operating system hardening procedures (Solaris, Linux, Windows, etc.) Web Application Firewalls. Scripting and development activities to appropriately leverage Application Programing Interfaces (APIs) to optimize integrations between disparate security monitoring and analysis devices.
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Sr. Cyber Defense Threat Engineer. Candidate will be responsible for the in-depth analysis and response to security incidents escalated from Tier 1 analysts. This role involves investigating complex security events, identifying potential threats, and implementing measures to mitigate risks. The Tier 2 analyst plays a critical role in maintaining the security posture of the organization by leveraging advanced threat intelligence and incident response techniques. Responsibilities: Monitor security alerts and events from various security tools and technologies. Perform advanced analysis of security logs, network traffic, and endpoint data. Review and respond to security incidents escalated by Tier 1 analysts. Conduct thorough investigations to determine the scope and impact of security incidents. Implement containment, eradication, and recovery measures for confirmed incidents. Document and report findings, actions taken, and lessons learned. Work closely with threat intelligence team to enhance detection and response capabilities. Collaborate with other security team members and IT staff to address security incidents. Provide guidance and support to Tier 1 analysts on complex security issues. Communicate effectively with stakeholders regarding security incidents and mitigation efforts. Participate in post-incident reviews to identify areas for improvement. Stay current with the latest cybersecurity trends, threats, and technologies. Contribute to the development and enhancement of SOC processes and procedures. Qualifications: Proven team player will be working primarily with other staff members, on both long-term projects and rapid response under tight deadlines. Team Leadership experience, taking initiative; providing and following through on solutions across various skillsets. Knowledge and experience implementing controls based on security regulation (eg, NIST Cyber Security Framework) is a plus. Effective and excellent oral and written communication, analytical, judgment and consultation skills. Ability to effectively communicate in both formal and informal review settings with all levels of management. Ability to work with local and remote IT staff/management, vendors and consultants. Ability to work independently and possess strong project management skills. Log analysis and security content development in SIEM solutions (Splunk, IBM QRadar, LogRhythm, etc.). SOAR products such as Splunk SOAR, Cortex XSOAR, FortiSOAR, etc. SOAR playbook development experience is a plus. Endpoint detection and response tools, eg CrowdStrike, SentinelOne, Microsoft Defender, etc. Incident Response playbook development, managing security incident analysis and remediation. Network-based preventative and detective technologies (IDS/IPS, Firewalls, Proxy Servers) Standard technical writing tools including MS Word, Excel, Project and Visio Vulnerability assessment tools (Qualys, Nessus, nmap, etc.). Directory services, LDAP, and their inherent security (Active Directory, CA Directory, Entra ID). Client Server platforms including Sun Solaris, Windows, Linux. Operating system hardening procedures (Solaris, Linux, Windows, etc.) Web Application Firewalls. Cloud based security tools and techniques (AWS, Azure, GCP, etc.) Scripting and development activities to appropriately leverage Application Programing Interfaces (APIs) to optimize integrations between disparate security monitoring and analysis devices. Education and Experience: Bachelor's degree in cybersecurity, computer science, or another related field. Minimum three years of information security experience, preferably in the financial services industry. Hands-on security operations experience including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming languages, Incident Response. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Industry knowledge of leading-edge security technologies and methods. Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities. Previous people/project management experience is a plus. Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CASP+.
13/12/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Sr. Cyber Defense Threat Engineer. Candidate will be responsible for the in-depth analysis and response to security incidents escalated from Tier 1 analysts. This role involves investigating complex security events, identifying potential threats, and implementing measures to mitigate risks. The Tier 2 analyst plays a critical role in maintaining the security posture of the organization by leveraging advanced threat intelligence and incident response techniques. Responsibilities: Monitor security alerts and events from various security tools and technologies. Perform advanced analysis of security logs, network traffic, and endpoint data. Review and respond to security incidents escalated by Tier 1 analysts. Conduct thorough investigations to determine the scope and impact of security incidents. Implement containment, eradication, and recovery measures for confirmed incidents. Document and report findings, actions taken, and lessons learned. Work closely with threat intelligence team to enhance detection and response capabilities. Collaborate with other security team members and IT staff to address security incidents. Provide guidance and support to Tier 1 analysts on complex security issues. Communicate effectively with stakeholders regarding security incidents and mitigation efforts. Participate in post-incident reviews to identify areas for improvement. Stay current with the latest cybersecurity trends, threats, and technologies. Contribute to the development and enhancement of SOC processes and procedures. Qualifications: Proven team player will be working primarily with other staff members, on both long-term projects and rapid response under tight deadlines. Team Leadership experience, taking initiative; providing and following through on solutions across various skillsets. Knowledge and experience implementing controls based on security regulation (eg, NIST Cyber Security Framework) is a plus. Effective and excellent oral and written communication, analytical, judgment and consultation skills. Ability to effectively communicate in both formal and informal review settings with all levels of management. Ability to work with local and remote IT staff/management, vendors and consultants. Ability to work independently and possess strong project management skills. Log analysis and security content development in SIEM solutions (Splunk, IBM QRadar, LogRhythm, etc.). SOAR products such as Splunk SOAR, Cortex XSOAR, FortiSOAR, etc. SOAR playbook development experience is a plus. Endpoint detection and response tools, eg CrowdStrike, SentinelOne, Microsoft Defender, etc. Incident Response playbook development, managing security incident analysis and remediation. Network-based preventative and detective technologies (IDS/IPS, Firewalls, Proxy Servers) Standard technical writing tools including MS Word, Excel, Project and Visio Vulnerability assessment tools (Qualys, Nessus, nmap, etc.). Directory services, LDAP, and their inherent security (Active Directory, CA Directory, Entra ID). Client Server platforms including Sun Solaris, Windows, Linux. Operating system hardening procedures (Solaris, Linux, Windows, etc.) Web Application Firewalls. Cloud based security tools and techniques (AWS, Azure, GCP, etc.) Scripting and development activities to appropriately leverage Application Programing Interfaces (APIs) to optimize integrations between disparate security monitoring and analysis devices. Education and Experience: Bachelor's degree in cybersecurity, computer science, or another related field. Minimum three years of information security experience, preferably in the financial services industry. Hands-on security operations experience including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming languages, Incident Response. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Industry knowledge of leading-edge security technologies and methods. Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities. Previous people/project management experience is a plus. Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CASP+.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Sr. Cyber Defense Threat Engineer. Candidate will be responsible for the in-depth analysis and response to security incidents escalated from Tier 1 analysts. This role involves investigating complex security events, identifying potential threats, and implementing measures to mitigate risks. The Tier 2 analyst plays a critical role in maintaining the security posture of the organization by leveraging advanced threat intelligence and incident response techniques. Responsibilities: Monitor security alerts and events from various security tools and technologies. Perform advanced analysis of security logs, network traffic, and endpoint data. Review and respond to security incidents escalated by Tier 1 analysts. Conduct thorough investigations to determine the scope and impact of security incidents. Implement containment, eradication, and recovery measures for confirmed incidents. Document and report findings, actions taken, and lessons learned. Work closely with threat intelligence team to enhance detection and response capabilities. Collaborate with other security team members and IT staff to address security incidents. Provide guidance and support to Tier 1 analysts on complex security issues. Communicate effectively with stakeholders regarding security incidents and mitigation efforts. Participate in post-incident reviews to identify areas for improvement. Stay current with the latest cybersecurity trends, threats, and technologies. Contribute to the development and enhancement of SOC processes and procedures. Qualifications: Proven team player will be working primarily with other staff members, on both long-term projects and rapid response under tight deadlines. Team Leadership experience, taking initiative; providing and following through on solutions across various skillsets. Knowledge and experience implementing controls based on security regulation (eg, NIST Cyber Security Framework) is a plus. Effective and excellent oral and written communication, analytical, judgment and consultation skills. Ability to effectively communicate in both formal and informal review settings with all levels of management. Ability to work with local and remote IT staff/management, vendors and consultants. Ability to work independently and possess strong project management skills. Log analysis and security content development in SIEM solutions (Splunk, IBM QRadar, LogRhythm, etc.). SOAR products such as Splunk SOAR, Cortex XSOAR, FortiSOAR, etc. SOAR playbook development experience is a plus. Endpoint detection and response tools, eg CrowdStrike, SentinelOne, Microsoft Defender, etc. Incident Response playbook development, managing security incident analysis and remediation. Network-based preventative and detective technologies (IDS/IPS, Firewalls, Proxy Servers) Standard technical writing tools including MS Word, Excel, Project and Visio Vulnerability assessment tools (Qualys, Nessus, nmap, etc.). Directory services, LDAP, and their inherent security (Active Directory, CA Directory, Entra ID). Client Server platforms including Sun Solaris, Windows, Linux. Operating system hardening procedures (Solaris, Linux, Windows, etc.) Web Application Firewalls. Cloud based security tools and techniques (AWS, Azure, GCP, etc.) Scripting and development activities to appropriately leverage Application Programing Interfaces (APIs) to optimize integrations between disparate security monitoring and analysis devices. Education and Experience: Bachelor's degree in cybersecurity, computer science, or another related field. Minimum three years of information security experience, preferably in the financial services industry. Hands-on security operations experience including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming languages, Incident Response. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Industry knowledge of leading-edge security technologies and methods. Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities. Previous people/project management experience is a plus. Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CASP+.
13/12/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a Sr. Cyber Defense Threat Engineer. Candidate will be responsible for the in-depth analysis and response to security incidents escalated from Tier 1 analysts. This role involves investigating complex security events, identifying potential threats, and implementing measures to mitigate risks. The Tier 2 analyst plays a critical role in maintaining the security posture of the organization by leveraging advanced threat intelligence and incident response techniques. Responsibilities: Monitor security alerts and events from various security tools and technologies. Perform advanced analysis of security logs, network traffic, and endpoint data. Review and respond to security incidents escalated by Tier 1 analysts. Conduct thorough investigations to determine the scope and impact of security incidents. Implement containment, eradication, and recovery measures for confirmed incidents. Document and report findings, actions taken, and lessons learned. Work closely with threat intelligence team to enhance detection and response capabilities. Collaborate with other security team members and IT staff to address security incidents. Provide guidance and support to Tier 1 analysts on complex security issues. Communicate effectively with stakeholders regarding security incidents and mitigation efforts. Participate in post-incident reviews to identify areas for improvement. Stay current with the latest cybersecurity trends, threats, and technologies. Contribute to the development and enhancement of SOC processes and procedures. Qualifications: Proven team player will be working primarily with other staff members, on both long-term projects and rapid response under tight deadlines. Team Leadership experience, taking initiative; providing and following through on solutions across various skillsets. Knowledge and experience implementing controls based on security regulation (eg, NIST Cyber Security Framework) is a plus. Effective and excellent oral and written communication, analytical, judgment and consultation skills. Ability to effectively communicate in both formal and informal review settings with all levels of management. Ability to work with local and remote IT staff/management, vendors and consultants. Ability to work independently and possess strong project management skills. Log analysis and security content development in SIEM solutions (Splunk, IBM QRadar, LogRhythm, etc.). SOAR products such as Splunk SOAR, Cortex XSOAR, FortiSOAR, etc. SOAR playbook development experience is a plus. Endpoint detection and response tools, eg CrowdStrike, SentinelOne, Microsoft Defender, etc. Incident Response playbook development, managing security incident analysis and remediation. Network-based preventative and detective technologies (IDS/IPS, Firewalls, Proxy Servers) Standard technical writing tools including MS Word, Excel, Project and Visio Vulnerability assessment tools (Qualys, Nessus, nmap, etc.). Directory services, LDAP, and their inherent security (Active Directory, CA Directory, Entra ID). Client Server platforms including Sun Solaris, Windows, Linux. Operating system hardening procedures (Solaris, Linux, Windows, etc.) Web Application Firewalls. Cloud based security tools and techniques (AWS, Azure, GCP, etc.) Scripting and development activities to appropriately leverage Application Programing Interfaces (APIs) to optimize integrations between disparate security monitoring and analysis devices. Education and Experience: Bachelor's degree in cybersecurity, computer science, or another related field. Minimum three years of information security experience, preferably in the financial services industry. Hands-on security operations experience including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming languages, Incident Response. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Industry knowledge of leading-edge security technologies and methods. Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities. Previous people/project management experience is a plus. Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CASP+.
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an Associate Principal, Cyber Defense. This role is focused on threat intelligence, incident response, security alerts, events analysis, network traffic, etc. Responsibilities: Monitor security alerts and events from various security tools and technologies. Perform advanced analysis of security logs, network traffic, and endpoint data. Review and respond to security incidents escalated by Tier 1 analysts. Conduct thorough investigations to determine the scope and impact of security incidents. Implement containment, eradication, and recovery measures for confirmed incidents. Document and report findings, actions taken, and lessons learned. Work closely with threat intelligence team to enhance detection and response capabilities. Collaborate with other security team members and IT staff to address security incidents. Provide guidance and support to Tier 1 analysts on complex security issues. Communicate effectively with stakeholders regarding security incidents and mitigation efforts. Qualifications: Bachelor's degree in cybersecurity, computer science, or another related field. Minimum three years of information security experience, preferably in the financial services industry. Hands-on security operations experience including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming languages, Incident Response. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities. Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CASP+. Log analysis and security content development in SIEM solutions (Splunk, IBM QRadar, LogRhythm, etc.). SOAR products such as Splunk SOAR, Cortex XSOAR, FortiSOAR, etc. SOAR playbook development experience is a plus. Endpoint detection and response tools, eg CrowdStrike, SentinelOne, Microsoft Defender, etc. Incident Response playbook development, managing security incident analysis and remediation. Network-based preventative and detective technologies (IDS/IPS, Firewalls, Proxy Servers) Standard technical writing tools including MS Word, Excel, Project and Visio Vulnerability assessment tools (Qualys, Nessus, nmap, etc.). Directory services, LDAP, and their inherent security (Active Directory, CA Directory, Entra ID). Client Server platforms including Sun Solaris, Windows, Linux. Operating system hardening procedures (Solaris, Linux, Windows, etc.) Web Application Firewalls. Scripting and development activities to appropriately leverage Application Programing Interfaces (APIs) to optimize integrations between disparate security monitoring and analysis devices.
13/12/2024
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an Associate Principal, Cyber Defense. This role is focused on threat intelligence, incident response, security alerts, events analysis, network traffic, etc. Responsibilities: Monitor security alerts and events from various security tools and technologies. Perform advanced analysis of security logs, network traffic, and endpoint data. Review and respond to security incidents escalated by Tier 1 analysts. Conduct thorough investigations to determine the scope and impact of security incidents. Implement containment, eradication, and recovery measures for confirmed incidents. Document and report findings, actions taken, and lessons learned. Work closely with threat intelligence team to enhance detection and response capabilities. Collaborate with other security team members and IT staff to address security incidents. Provide guidance and support to Tier 1 analysts on complex security issues. Communicate effectively with stakeholders regarding security incidents and mitigation efforts. Qualifications: Bachelor's degree in cybersecurity, computer science, or another related field. Minimum three years of information security experience, preferably in the financial services industry. Hands-on security operations experience including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming languages, Incident Response. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities. Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CASP+. Log analysis and security content development in SIEM solutions (Splunk, IBM QRadar, LogRhythm, etc.). SOAR products such as Splunk SOAR, Cortex XSOAR, FortiSOAR, etc. SOAR playbook development experience is a plus. Endpoint detection and response tools, eg CrowdStrike, SentinelOne, Microsoft Defender, etc. Incident Response playbook development, managing security incident analysis and remediation. Network-based preventative and detective technologies (IDS/IPS, Firewalls, Proxy Servers) Standard technical writing tools including MS Word, Excel, Project and Visio Vulnerability assessment tools (Qualys, Nessus, nmap, etc.). Directory services, LDAP, and their inherent security (Active Directory, CA Directory, Entra ID). Client Server platforms including Sun Solaris, Windows, Linux. Operating system hardening procedures (Solaris, Linux, Windows, etc.) Web Application Firewalls. Scripting and development activities to appropriately leverage Application Programing Interfaces (APIs) to optimize integrations between disparate security monitoring and analysis devices.
