An organisation is searching for an Associate Principal within Cyber Defense. Some of the job details are given below.
Primary Duties and Responsibilities:
To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.
Perform duties across several cyber disciplines. Activities may include:
Security Monitoring:
- Monitor security alerts and events from various security tools and technologies.
- Perform advanced analysis of security logs, network traffic, and endpoint data.
Incident Response:
- Review and respond to security incidents escalated by Tier 1 analysts.
- Conduct thorough investigations to determine the scope and impact of security incidents.
- Implement containment, eradication, and recovery measures for confirmed incidents.
- Document and report findings, actions taken, and lessons learned.
Collaboration and Communication:
- Work closely with threat intelligence team to enhance detection and response capabilities.
- Collaborate with other security team members and IT staff to address security incidents.
- Provide guidance and support to Tier 1 analysts on complex security issues.
- Communicate effectively with stakeholders regarding security incidents and mitigation efforts.
Continuous Improvement:
- Participate in post-incident reviews to identify areas for improvement.
- Stay current with the latest cybersecurity trends, threats, and technologies.
- Contribute to the development and enhancement of SOC processes and procedures.
Supervisory Responsibilities:
Qualifications:
The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.
- Proven team player; will work primarily with other staff members on both long-term projects and rapid response under tight deadlines.
- Team leadership experience: taking initiative, and providing and following through on solutions across varied skill sets.
- Knowledge and experience implementing controls based on security frameworks and regulations (e.g., the NIST Cybersecurity Framework) is a plus.
- Excellent oral and written communication, analytical, judgment and consultation skills.
- Ability to effectively communicate in both formal and informal review settings with all levels of management.
- Ability to work with local and remote IT staff/management, vendors and consultants.
- Ability to work independently and possess strong project management skills.
Technical Skills:
Demonstrated proficiency in:
- Log analysis and security content development in SIEM solutions (Splunk, IBM QRadar, LogRhythm, etc.).
- SOAR products such as Splunk SOAR, Cortex XSOAR, FortiSOAR, etc. SOAR playbook development experience is a plus.
- Endpoint detection and response tools, e.g. CrowdStrike, SentinelOne, Microsoft Defender, etc.
- Incident Response playbook development, managing security incident analysis and remediation.
- Network-based preventative and detective technologies (IDS/IPS, firewalls, proxy servers).
- Standard technical writing tools including MS Word, Excel, Project and Visio.
Familiarity with:
- Vulnerability assessment tools (Qualys, Nessus, nmap, etc.).
- Directory services, LDAP, and their inherent security (Active Directory, CA Directory, Entra ID).
- Client/server platforms including Sun Solaris, Windows, Linux.
- Operating system hardening procedures (Solaris, Linux, Windows, etc.).
- Web Application Firewalls.
- Cloud-based security tools and techniques (AWS, Azure, GCP, etc.).
Some experience:
- Scripting and development activities that leverage Application Programming Interfaces (APIs) to optimize integrations between disparate security monitoring and analysis devices.
Education and/or Experience:
- Bachelor’s degree in cybersecurity, computer science, or another related field.
- Minimum three years of information security experience, preferably in the financial services industry.
- Hands-on security operations experience, including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming Languages.
- Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives.
- Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure.
- Industry knowledge of leading-edge security technologies and methods.
- Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities.
- Previous people/project management experience is a plus.
Certificates or Licenses:
- Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CASP+.
What We Offer
- A highly collaborative and supportive environment designed to encourage work-life balance and employee wellness, including:
- A hybrid work environment, up to 2 days per week of remote work
- Tuition Reimbursement to support your continued education
- Student Loan Repayment Assistance
- Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely
- Generous PTO and Parental leave
- Competitive health benefits including medical, dental and vision
- Step 1: When you find a position you're interested in, click the 'Apply' button. Complete the application and attach your resume.
- Step 2: You will receive an email notification confirming that we've received your application.
- Step 3: If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location.