Job Description:
Role Summary/Purpose:
Reduce the risk and potential impact of cyber-attacks to the company by cultivating, maintaining, and advancing detection capabilities to identify threats targeting Client.
Support and partner with IS to provide detection and mitigation of cyber threats targeting Client assets.
In-depth knowledge of Splunk Programming Language required. Experience developing and maintaining NIDS signatures/platforms is a plus, but not required. Ability to work with partners across the firm, develop cyber-attack detection capabilities and operational processes, and prioritize work based on both firm priorities and the risk of potential threats.

Essential Responsibilities:
Coordinate with Cyber Defense Analysts to manage and administer the updating of rules and signatures (e.g., intrusion detection/protection systems, antivirus, and content blacklists) for specialized cyber defense applications.
Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources.
Assist in assessing the impact of implementing and sustaining a dedicated cyber defense infrastructure.
Administer test bed(s), and test and evaluate applications, hardware infrastructure, rules/signatures, access controls, and configurations of platforms managed by service provider(s).
Create, edit, and manage specialized cyber defense systems (e.g., intrusion prevention systems and phishing detection platforms).
Identify potential conflicts with implementation of any cyber defense tools (e.g., tool and signature testing and optimization).
Develop content for cyber defense tools.
Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
Perform cyber defense trend analysis and reporting.
Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.

Basic Qualifications/Requirements:
High School diploma or equivalent and five years of IT experience, or a Bachelor's in a technical field and three years of IT experience
A minimum of 5 years of experience in Information Technology, Cyber Security, Information Assurance, or a related field
Splunk Certified User and able to demonstrate fluency in SPL.
Recent experience in an enterprise Splunk environment
Able to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Able to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
Able to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
Able to identify systemic security issues based on the analysis of vulnerability and configuration data.
Able to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
Able to function effectively in a dynamic, fast-paced environment.

Splunk user certification or demonstrated fluency in SPL (Splunk programming language)
Agile Experience
Experience deploying and managing NIDS signatures
Prior SOC, Intel, CIRT, or relevant infosec experience
Results-driven, strategic, conceptual, and innovative thinker
Excellent consulting skills and superior ability to develop and maintain effective client relationships
Ability to work independently as well as part of a team
Highly analytical and detail-oriented, with strong problem-solving skills and a common-sense approach to resolving problems
Expertise to clearly define complex issues despite incomplete or ambiguous information
Strong oral and written communications skills
Strong interpersonal and critical thinking skills