Job Description
Contract term: 3 year contract
Work model:
Hybrid, at least 2 days a week near Union Station; 7-hour days
1.0 Description of Assignment
The candidate will defend against cybersecurity incidents and identify, analyze, communicate and contain incidents as they occur.
2.0 Skills and Certifications
Mandatory Skills/Certifications
• BS or MA in computer science, information security, cybersecurity or a related field
• 3+ years of experience in IT audit, enterprise risk management, penetration testing, red teaming/incident response, or as a junior security operations analyst
• 3+ years of experience with regulatory compliance and information security management frameworks (such as International Organization for Standardization [ISO] 27000, COBIT, National Institute of Standards and Technology [NIST] 800)
• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM)
Other Skills/Certifications
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• An ability to effectively influence others to modify their opinions, plans or behaviors
• An understanding of organizational mission, values, goals and consistent application of this knowledge
• Strong problem-solving and troubleshooting skills
3.0 Assignment Duties
• Conduct network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls and host-based security systems
• Conduct log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources
• Deploy cloud-centric detection to detect threats related to cloud environments and services used by the organization
• Correlate activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity
• Review alerts and data from sensors, and document formal, technical incident reports
• Work with threat intelligence and/or threat-hunting teams
• Provide network subscribers with incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary
• Support the creation of business continuity/disaster recovery plans, including conducting disaster recovery tests, publishing test results and making changes necessary to address deficiencies
• Work with security information and event management (SIEM) to manage/tune the system, create/manage the detection content and actively watch for alerts
• Correlate network, cloud and endpoint activity across environments to identify attacks and unauthorized use
• Research emerging threats and vulnerabilities to aid in the identification of incidents
• Provide users with incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary
• Perform security standards testing against computers before implementation to ensure security
4.0 Deliverables
Deliverables include:
• Identifying, deploying, configuring and managing security infrastructure
• Addressing support tickets