Job Summary
This position will serve as a member of the Security Incident Response Team, using knowledge and experience to help develop processes and apply technology to discover, resist and recover from security incidents, and to limit the impact of any such occurrence or recurrence across the enterprise. As part of a team, the position will use technologies such as Security Information and Event Management (SIEM), Intrusion Detection and Prevention (IDS / IPS), Data Leakage Prevention (DLP), computer forensics, packet sniffers and malware analysis tools. The position will work with IT teams, Employee Relations, Legal, Management and others on incident response and computer forensic cases.
Job Responsibilities (listed in order of importance and/or time spent)
Conduct incident prevention, detection/analysis, containment, eradication and recovery across IT systems, including: developing detection logic, monitoring events, responding to incidents, conducting forensic investigations, and summarizing and reporting on findings. Technologies may include: network and host-based intrusion detection/prevention, data leakage identification and prevention, Security Information and Event Management (SIEM), forensics, threat and fraud detection systems, and various other IT and security systems.
Determines whether an adverse event is a security incident. Recommends incident response measures. Determines how an attack was executed and where it originated, and classifies the incident.
Assists in developing and executing the incident response strategy. Conducts reviews of existing and new technology. Identifies the need for new incident detection and response technology solutions, and researches and recommends incident response and investigation technology.
Maintains incident response records and metrics.
Demonstrates knowledge of technology, policies, processes and standards. Provides consistent, practical and relevant ideas and perspectives on improvements.
Develops new procedures in line with industry best practice and collaborates with IT teams on current security solutions and configurations.
Collaborates within the team and with other teams.
Basic Qualifications & Interests (BQIs)
Bachelor's degree and at least two years of experience in information security, OR Bachelor's degree and five years of experience in IT, OR High School Diploma/GED and at least five years of experience in information security.
At least two years of experience in information security designing, implementing or monitoring security event data on incident response technology such as Security Information & Event Management (SIEM), Intrusion Detection / Prevention Systems (IDS, IPS), Data Loss Prevention (DLP), Web Application Firewall (WAF), Malware analysis systems or conducting forensic investigations.
At least one year of experience with host and network security technologies such as routers, switches, firewalls, and operating system administration (such as Unix/Linux, Microsoft Windows, mobile operating systems).
Knowledge of reactive and proactive countermeasures to prevent or contain security incidents using industry best practices such as the NIST (National Institute of Standards and Technology) 800 series.
Experience managing multiple tasks/projects simultaneously and meeting established deadlines.
Experience communicating and translating conceptual and technical data (such as intruder techniques, new vulnerabilities, attack vectors and exploits) into business impact information.
Knowledge of: anti-virus, firewalls, Unix/Linux/Windows and mobile operating systems, and network protocols (TCP/IP, SMTP, HTTP, HTTPS, FTP, DNS, DHCP, SSH, RDP, etc.).
Available for on-call coverage during evenings, weekends, and holidays when required.
Preferred Qualifications & Interests (PQIs)
Three years of experience monitoring and responding to information security incidents.
Two years of experience analyzing network, system and application vulnerabilities.
Two years of experience writing logic to detect exploitation of vulnerabilities.
Knowledge of data mining, log analysis and/or fraud detection logic.
Knowledge and practice of developing code or scripting to automate processes or other methods to enhance capabilities.
Q1 Technologies - 18 months ago