Posted on: 08/12/2022
Job ID: YATS0820221135447
The Senior Cybersecurity Engineer is responsible for keeping information systems secure, determining access requirements, and planning and implementing information security programs, to help protect against cybercrime threats, including malware, phishing, viruses, denial-of-service attacks, information warfare and hacking.
- Incident prevention, detection, containment, and recovery across IT systems, including process development, incident response and reporting
- Administration and management of security technologies and products: Security Information and Event Management (SIEM), security automation, Data Loss Prevention (DLP), endpoint security (EDR), sandboxing, threat intelligence, pen testing & vulnerability management, identity management
- Regular security monitoring and identification of possible intrusion or breach
- Ability to use all available tools to conduct in-depth active and passive threat analysis and incident investigation, to identify security vulnerabilities or malicious activity
- Monitor and evaluate the effectiveness of security controls and alignment with security frameworks
- Participate in the creation and maintenance of security-related policies and procedures
- Collaborate with internal and external stakeholders to proactively prepare, recognize and respond to various attack patterns.
- Stay up to date with current security issues and regulations in the industry including researching latest findings, industry trends, and vendor-specific issues and resolutions; research and test new security tools
- Mentor and train junior resources.
- Experience with incident response, troubleshooting, and forensic analysis of malware events and vulnerability issues
- Experience with network security monitoring systems for in-depth analysis of data and trends, including Splunk/Splunk ES (3+ years), Cisco AMP (1-2 years), Varonis (1-2 years)
- Practical expertise using Splunk SPL to extract actionable insights from security analytics, including the ability to manage and configure input from various data sources, run complex searches, generate reports, create alerts and dashboards, fine tune Splunk ES correlation searches, etc.
- Application of security architecture principles, standards, and controls to enterprise systems and system designs, including cloud environments (SaaS, PaaS, IaaS)
- Creating and testing security event procedures for alert management and incident response
- Knowledge of firewall/IPS devices and understanding of encryption and VPN technologies (IPSEC, SSL/TLS, GRE, DMVPN, etc.)
- Good verbal/written communication skills and the ability to manage critical situations and maintain positive relationships with colleagues and clients.
- Bachelor’s degree or equivalent in IT or related fields; industry accepted security certifications (CCNA Security, SANS, CISSP, etc.) a plus