Experience level: Mid-senior
Experience required: 10 Years
Education level: Bachelor’s degree
Job function: Information Technology
Industry: Financial Services
Pay rate: hourly - Competitive pay rate based on experience
Total position: 1
Location: Tampa and Dallas
Relocation assistance: No
Visa: Only US citizens and Green Card holders
This is a contract to hire role!
Why you'll love this job:
The Cyber Blue Team is primarily responsible for the preparation, detection and analysis, containment, eradication, recovery, and post-incident activity related to cyber-incidents. Cyber Incident Response combines a series of technical and non-technical components to establish the recommended cyber-incident detection, response, coordination, and resolution actions.
The Sr. Cyber Security Incident Responder will perform cyber-incident detection and analysis activities through the monitoring of security appliances, such as SIEM, IDS/IPS, EDR, and Network Threat Detection, conducting in-depth analysis of cyber alerts to confirm a compromise has occurred. This position will work closely with IT in developing response processes and playbooks and crafting and executing corresponding tabletop exercises.
Build and execute playbooks to strengthen response activities from events or incidents
Collaborate with IT on cyber incident response strategies, roles and responsibilities
Design and lead tabletop exercises focused on responses to cyber events or incidents
Provide hands-on incident response training for IT and other members of the Cyber Blue Team
Lead security investigations and computer forensic analysis
Develop incident reports to include root-cause analysis, incident impact, and remediation tracking
Utilize detective controls to develop rules and alerts to drive security monitoring capabilities
Build and implement standard operating procedures and processes to help streamline investigations, daily monitoring and analysis research to ensure all analysts are effective and following the same guidelines
Proactively conduct research of company network traffic and system activity looking for security anomalies and suspicious activities
Analyze available data sources to identify trends and make recommendations to improve network, system and data security monitoring
Perform Advanced Persistent Threat correlation between multiple security event sources such as firewall logs, threat intelligence feeds, AV, IDS, IPS, and Cyber Threat Intelligence
Conduct static and/or multifaceted analysis of malware to harvest indicators of compromise to improve security monitoring
Leadership Competencies for this level include:
Accountability: Demonstrates reliability by taking vital actions to continuously meet required deadlines and goals.
Global Collaboration: Applies global perspective when working within a team by being aware of own style and ensuring all relevant parties are involved in key team tasks and decisions.
Communication: Articulates information clearly and presents information optimally and expertly when working with others.
Influencing: Convinces others by making a strong case, bringing others along to their viewpoint; maintains strong, positive relationships while at the same time is comfortable with results-oriented ideas.
Innovation and Creativity: Thinks aggressively and out of the box, generates new insights and processes, and expertly pursues challenges as new avenues of opportunity.
Demonstrable understanding of various security methodologies and processes, and technical security solutions (e.g. firewalls, proxies, and intrusion detection systems)
Extensive knowledge of network and server security products, technologies, and protocols, including TCP/IP, UDP, DHCP, FTP, SFTP, ATM, SNMP, SMTP, SSH, SSL, VPN, RDP, HTTP and HTTPS.
Intelligence driven defense utilizing the MITRE ATT&CK Framework.
Security certification(s) and/or official training, such as GCIH, CSIH, ECSA, CHFI, ECIH, CEH or similar, or degree