Western & Southern Financial Group

Cybersecurity Engineer II

Job Locations: US-OH-CINCINNATI
ID: 2024-21195
Category: Information Technology
Type: Full Time
Subsidiary: Western & Southern Financial Group

Overview

Summary of Responsibilities:

Provides support to IT, Information Security and Cyber Security teams, including functioning as the subject matter expert in IT security systems and custom tools. Serves as technical support for the Incident Response teams in high-priority cyber investigations. Continuously evaluates the external threat landscape, providing leadership regarding replacement or augmentation of existing tool capabilities in order to better secure business systems and data from inside and outside threats. Serves as a project leader for cyber security tool selection and implementation projects. Functions as lead developer for all custom security tool implementations.

Responsibilities

Position Responsibilities:

  • Performs as the technical expert in one or more highly specialized areas of security infrastructure.

  • Plans, designs, deploys, integrates and maintains IT security systems into corporate computing environments, including systems used for logging, monitoring, intrusion detection, centralized cyber security knowledge base and behavioral analysis. Identifies, plans, develops and implements automation of routine tasks. Remediates issues occurring with any IT security systems, including but not limited to unexplained system outages, cyber security incidents, issues with data collection feeds or interfaces with external MSSP providers. Collaborates with IT teams to remediate any potential hardware or network issues that prevent detection capability.

  • Plans, designs, develops, deploys, integrates and maintains custom cyber security tools built in Python that integrate with other IT systems.

  • Provides “swat team” style support to Incident Response Analysts by resolving problems of the most complex, technical nature. Ensures investigations remain on track with very aggressive schedules.

  • Drives solution identification, feasibility analysis and implementation recommendations for operational service level improvements. Drives implementation projects from inception through completion by functioning as the project leader.

  • Monitors emerging technology trends and the security risks associated with those technologies. Consults with business units to bring awareness of risks and mitigations so business leaders can make risk-informed decisions.

  • Monitors new developments in the Cyber Security software/hardware marketplace. Identifies new products with potential benefit to the Enterprise and conducts in-depth research and analysis of these products. Demonstrates the applicability of tools in real-world applications using a risk-based methodology based on business impact and the threat landscape. Is responsible for the evaluation, implementation and maintenance of purchased hardware/software.

  • Provides knowledge transfer to team members through meetings, presentations and written communications, and ensures that the centralized knowledge base is up to date. Creates, revises, and maintains documentation of processes and procedures in the central knowledge base.

  • Participates in after-incident lessons learned meetings to give input on recommendations for additional tools or other mitigations for future incidents.

  • Tracks service availability and performance metrics, and provides timely updates to management.

  • Provides potential on-call support during nights and weekends.

  • Performs other duties as assigned by management.

Qualifications

Selection Criteria:

  • Proven experience in building or engineering security solutions for the following platforms: Windows, Linux and databases.

  • Proven experience on both Linux-based and MS Windows-based system platforms with a strong IT technical understanding and aptitude for analytical problem-solving. Experience using SSH to maintain and configure systems remotely.

  • Demonstrated strong understanding of enterprise, network, system and application-level security issues.

  • Proven experience with system hardening processes, tools, guidelines and benchmarks.

  • Proven understanding of the current vulnerabilities, response and mitigation strategies used in cyber security.

  • Demonstrated strong team player – collaborates well with others to solve problems and actively incorporates input from various sources.

  • Proven experience leading and motivating team members toward excellence and project completion.

  • Demonstrated customer focus – evaluates decisions through the eyes of the customer, builds strong customer relationships and creates processes with customer viewpoint.

  • Demonstrated analytical skills – continuously defines problems, collects or interprets data, establishes facts, anticipates obstacles and develops plans to resolve; strong problem-solving skills while communicating in a clear and succinct manner, effectively evaluating information/data to make decisions.

  • Demonstrated inherent passion for information security and service excellence.

  • Proven excellent verbal and written communication skills; frequently expresses, exchanges or prepares accurate information to internal and external customers in a clear, focused and concise manner. Conforms to proper rules of punctuation, grammar, diction and style.

  • Demonstrated self-starter with strong internal motivation. Proven ability to work with little supervision or direction.

  • Proven ability to work under multiple deadlines with minimal supervision. Must cite examples of successfully organizing and effectively completing projects where given little or no direction.

  • Demonstrated ability to continually perform an activity such as preparing and visualizing data and figures, transcribing, viewing a computer terminal or extensive reading. Visual acuity is required to determine accuracy, neatness and thoroughness of work assigned. Ability to continuously make repetitive motions of the wrists, hands and/or fingers.

Work Setting:

  • This position works in an office setting and remains in a stationary position for long periods of time while working at a desk, on a computer or with other standard office equipment, or while in meetings.

Educational Requirements:

  • Bachelor’s degree in computer science, computer engineering, IT or a related technical field, or commensurate selection criteria experience.

Computer Skills and Knowledge of Hardware & Software Required:

  • Linux-based and MS Windows-based system platforms.

  • Strong understanding of Enterprise, network, system and application-level security issues.

  • Understanding of Enterprise computing environments, systems, applications, and a strong understanding of TCP/IP networks.

  • Fundamental or greater understanding of encryption technologies.

  • Excellent scripting skills in the Python language. Familiarity with other scripting languages preferred (examples: Perl, Java, or Ruby).

  • Knowledge of Identity & Access Management practices, systems and controls.

  • Project planning and execution experience highly desired.

  • Experience with security tools, including but not limited to IDS (Snort or Suricata preferred), IPS, data analytics software, SIEM solutions (QRadar preferred), WAF, knowledge base platforms and live response/forensics tools highly desired.

Certifications & Licenses (i.e., Series 6 & 63, CPA, etc.):

  • Technical certifications highly desired (examples: Cisco Certifications, Microsoft Certifications).

  • Candidate encouraged to hold one or more of the following security certifications: Certified Information Systems Security Professional (CISSP), any GIAC certification or ISACA certifications.

Position Demands:

  • Extended hours required during peak workloads or special projects and off-hour support.

  • Occasional travel may be required.
