Job Description:
Hello,

Position: Information Security Operations Engineer
Location: Gaithersburg, MD
Duration: 6 months with possible contract to hire

Description:
The Information Security Operations Engineer is responsible for assisting in the development and implementation of standard operating procedures which support the prevention, detection and response to cyber security risks and threats. The global incident management program will provide the company with the ability to prevent, detect, and respond to Cyber Security incidents impacting the enterprise by ensuring they are properly identified, analyzed, communicated, actioned/defended, investigated and reported. The program will have responsibility over security monitoring and is responsible for global 24x7 incident response activities. The global security incident management program will also manage information resources during incident response activities to identify possible cyber-attack or intrusion events, and determine whether there is a business impact.

Primary Responsibilities:
- Lead SOC Security Engineers in performing all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.
- Take direction from the Manager of Global Security Operations and interact with the Managed Security Service Provider (MSSP) for escalations and incidents.
- Monitor and analyze network traffic and security event data.
- Investigate intrusion attempts and perform in-depth analysis of exploits.
- Provide network intrusion detection expertise to support timely and effective decision making on when to declare an incident, in conjunction with the MSSP.
- Conduct proactive threat and compromise research and analysis.
- Review security events that are populated in the Security Information and Event Management (SIEM) system provided by the MSSP.
- Analyze a variety of network and host-based security appliance logs to determine the correct remediation actions and escalation paths for each incident.
- Lead digital forensics and malware analysis triage.
- Independently follow procedures to contain, analyze, and eradicate malicious activity.
- Document all activities during an incident and provide leadership with status updates throughout the life cycle of the incident.
- Create a final incident report detailing the events of the incident.
- Provide information regarding intrusion events, security incidents, and other threat indications and warning information to teams.
- Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
- Provide guidance and mentorship to the analyst team on investigative and response methodologies.
- Participate in special projects as required. The SOC Security Engineer IV is responsible for carrying out all activities regarding SOC policies and SOC procedures.

Requirements:
- Able to execute the security incident response and information inventory management strategy defined by leaders.
- A minimum of a Bachelor's degree in a computer engineering, computer security or computer science discipline.
- 7-10 years of information security related experience leading teams in security operations, incident analysis, incident handling, vulnerability management or testing, system patching, log analysis, intrusion detection, firewall administration, network operations, engineering, or system administration on Linux or Windows.
- Strong understanding of adversary motivations including cybercrime, cyber hacktivism, cyber war, cyber espionage and the difference between cyber propaganda and cyber terrorism.
- Strong understanding of security operations concepts such as perimeter defense, BYOD management, data loss protection, insider threat, kill chain analysis, risk assessment and security metrics.
- Strong understanding of Threat Intelligence and Threat Profiling.
- Familiarity with network security methodologies, tactics, techniques and procedures.
- Experience with Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS), SIEM and other network defense security tools.
- Ability to read IDS signatures.
- Experience with Data Loss Prevention (DLP) technologies.
- Understanding of network packet capture and the ability to review captures.
- Experience performing security/vulnerability reviews of network environments.
- Knowledge of network security architecture, understanding of the TCP/IP protocol, and remote access security techniques/products.
- Experience with enterprise anti-virus/malware solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns.
- Have experience monitoring, detecting, and leading response efforts of advanced persistent threats.
- Knowledge of digital forensic and static malware analysis techniques.
- Experience generating and modifying network and host-based Indicators of Compromise (IOC).
- Strong research background, utilizing an analytical approach.
- Candidate must be able to react quickly, decisively, and deliberately in high stress situations.
- Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents to technical and non-technical audiences at different seniority levels, and interact with customers.
- Highly motivated individual with the ability to self-start, prioritize, multi-task and work in a global team setting.
- Ability to create and maintain good business relationships with counterparts, customers and external entities to achieve the security incident management goals.
- Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters.
- Experience with open source and commercial security management tools.
- Experience in the definition and implementation of strategic information security plans.
- Moderate knowledge of regulatory compliance requirements (PCI-DSS, HIPAA, FISMA, SOX).
- Moderate knowledge of National Institute of Standards and Technology (NIST) standards as they apply to FISMA.
- The ability to obtain and maintain a DoD Secret security clearance is required. (This involves a background/character, criminal history, employment, and credit check.)

Desired certifications (but not required):
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Forensic Examiner (GCFE)
- GIAC Certified Forensic Analyst (GCFA)
- Certified Ethical Hacker (CEH)
- Cisco Certified Network Associate Security (CCNA Security)
- Cisco Certified Network Associate (CCNA)
- Cisco Certified Network Professional Security (CCNP Security)
- Cisco Certified Network Professional (CCNP)
- Server Platform Certifications (Microsoft, Linux)
- Forensics Examiner Certification (EnCE, FTK)