Analyze and determine the scope of threats to the enterprise and vulnerabilities in software, and determine how our company will best defend itself against these threats.
Monitor third-party security-related feeds, websites, forums, and mailing lists for information regarding cyber threats, vulnerabilities and exploits. Verify vulnerabilities; correlate and collate the information; and develop, edit, and deliver security reports to enterprise-level customers. On occasion replicate reported vulnerabilities in a lab environment and, where appropriate, develop proof of concept and/or exploit tools against these vulnerabilities.
Perform duties across several Cyber disciplines; activities may include Intelligence Analysis:
- Develop and provide threat and situational intelligence leveraging proprietary enterprise data, as well as a variety of external sources and open source data.
- Actively monitor and research cyber threats with a direct or indirect impact to the OCC brand, business operations, or technology infrastructure.
- Develop and support briefings to Security management as a cyber intelligence subject matter expert.
- Create and conduct presentations on current threats and related IT Security topics.
- Provide monthly reporting to Security management on Threat, Vulnerability, and Incident management metrics.
Network Security Operations Analysis
- Prioritize and identify security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
Incident Management and Forensic Analysis
- Lead in cyber security incident response activities, including investigation, coordination, and reporting.
- Lead and direct in the collection and preservation of evidence associated with cyber security incident response activities following industry best practices and established procedures.
- Develop and support briefings to Security management as a cyber-forensic subject matter expert.
- Proven team player who will work individually and with other staff members, on both long-term projects and rapid response under tight deadlines.
- Excellent oral and written communication, analytical, judgment, and consultation skills.
- Ability to effectively communicate in both formal and informal review settings with all levels of management.
- Proven experience in developing and providing threat and situational intelligence from a variety of internal and external sources.
- Ability to work with local and remote IT staff/management, vendors and consultants.
- Ability to work independently and strong project management skills.
Demonstrated proficiency in:
- Implementation and maintenance of SIEM (ArcSight, IBM QRadar, McAfee NitroSecurity, etc.)
- Forensic analysis tools (MIR, EnCase, FTK)
- Malware analysis tools (dynamic and static)
- Vulnerability assessment tools (Qualys, ISS Scanner, nmap, etc.)
- Secure Web Gateway (BlueCoat, Microsoft Forefront)
- Network sniffers and packet tracing tools (DSS, NAI SnifferPro, Ethereal and tcpdump).
- Encryption technologies (PGP, PKI and X.509)
- Standard technical writing tools including MS Word, Excel, Project and Visio
- Directory services, LDAP, and their inherent security (Active Directory, CA Directory).
- Proxy and caching services.
- Client/server platforms including Sun Solaris, Windows, Linux.
- Operating system hardening procedures (Solaris, Linux, Windows, etc.)
- LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP and NSRP).
- Web Application Firewalls.
- Cloud based security tools and techniques
Security Integration Scripting Activities:
- Mid-level to advanced scripting and development activities to appropriately leverage complex Application Programming Interfaces (APIs) to optimize interoperability and data exchange between disparate security monitoring and analysis devices.
- Bachelor’s degree in Computer Science, Engineering, or other related field.
- Minimum seven years of information security experience, preferably in the financial services industry.
- Minimum three years of hands-on security operations experience, including interdisciplinary experience with four or more of the following: Cyber Threat Analysis, Digital Computer Forensics, Incident Response, Application Security, Operating Systems Security, Cryptographic Controls, Networking, Programming Languages.
- Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies and motives.
- Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure.
- Industry knowledge of leading-edge security technologies and methods
- Shift work and working in an on-call response capacity are required, including availability for 24 x 7 on-call support responsibilities.
- Previous people/project management experience is a plus.
- Government Security Clearance is a plus.
- Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CCE, CFE