Senior Cyber Security Incident Responder – Associate Director

Experience level: Mid-senior

Experience required: 10 Years

Education level: Bachelor’s degree

Job function: Information Technology

Industry: Financial Services

Pay rate: hourly - Competitive pay rate based on experience

Total position: 1

Location: Tampa and Dallas

Relocation assistance: No

Visa: Only US citizens and Green Card holders


This is a contract to hire role!

Why you'll love this job:

The Cyber Blue Team is primarily responsible for the preparation, detection and analysis, containment, eradication, recovery, and post-incident activity related to cyber-incidents. Cyber Incident Response combines a series of technical and non-technical components to establish the recommended cyber-incident detection, response, coordination, and resolution actions.


The Sr. Cyber Security Incident Responder will perform cyber-incident detection and analysis activities through the monitoring of security appliances, such as SIEM, IDS/IPS, EDR, and Network Threat Detection, conducting in-depth analysis of cyber alerts to confirm a compromise has occurred. This position will work closely with IT in developing response processes and playbooks and crafting and executing corresponding tabletop exercises.


Your Responsibilities

  • Build and execute playbooks to strengthen response activities from events or incidents

  • Collaborate with IT on cyber incident response strategies, roles and responsibilities

  • Design and lead tabletop exercises focused on responses to cyber events or incidents

  • Provide hands-on incident response training for IT and other members of the Cyber Blue Team

  • Lead security investigations and computer forensic analysis

  • Develop incident reports to include root-cause analysis, incident impact, and remediation tracking

  • Utilize detective controls to develop rules and alerts to drive security monitoring capabilities

  • Build and implement standard operating procedures and processes to help streamline investigations, daily monitoring and analysis research to ensure all analysts are effective and following the same guidelines

  • Proactively conduct research of company network traffic and system activity looking for security anomalies and suspicious activities

  • Analyze available data sources to identify trends and make recommendations to improve network, system and data security monitoring

  • Perform Advanced Persistent Threat correlation between multiple security event sources such as firewall logs, threat intelligence feeds, AV, IDS, IPS, and Cyber Threat Intelligence

  • Conduct static and/or dynamic analysis of malware to harvest indicators of compromise and improve security monitoring

Leadership Competencies for this level include:

  • Accountability: Demonstrates reliability by taking vital actions to continuously meet required deadlines and goals.

  • Global Collaboration: Applies global perspective when working within a team by being aware of own style and ensuring all relevant parties are involved in key team tasks and decisions.

  • Communication: Articulates information clearly and presents information optimally and expertly when working with others.

  • Influencing: Convinces others by making a strong case, bringing others along to their viewpoint; maintains strong, positive relationships while at the same time is comfortable with results-oriented ideas.

  • Innovation and Creativity: Thinks aggressively and out of the box, generates new insights and processes, and expertly pursues challenges as new avenues of opportunity.


Qualifications

  • Demonstrable understanding of various security methodologies and processes, and technical security solutions (e.g. firewalls, proxies, and intrusion detection systems)

  • Extensive knowledge of network and server security products, technologies, and protocols, including TCP/IP, UDP, DHCP, FTP, SFTP, ATM, SNMP, SMTP, SSH, SSL, VPN, RDP, HTTP and HTTPS

  • Intelligence driven defense utilizing the MITRE ATT&CK Framework.

  • Security certification(s) and/or official training, such as GCIH, CSIH, ECSA, CHFI, ECIH, CEH or similar, or degree