Job Details:
Analyze threats to the enterprise and vulnerabilities in software, determine their scope, and determine how the company will best defend itself against them. Monitor third-party security feeds, websites, forums, and mailing lists for information on cyber threats, vulnerabilities, and exploits. Verify reported vulnerabilities, correlate and collate the information, and develop, edit, and deliver security reports to enterprise-level customers. On occasion, replicate reported vulnerabilities in a lab environment and, where appropriate, develop proof-of-concept and/or exploit tools against them.
Perform duties across several cyber disciplines. Activities may include:
- Intelligence Analysis:
  - Develop and provide threat and situational intelligence leveraging proprietary enterprise data as well as a variety of external sources and open-source data.
  - Actively monitor and research cyber threats with a direct or indirect impact on the OCC brand, business operations, or technology infrastructure.
  - Develop and support briefings to Security management as a cyber intelligence subject matter expert.
  - Create and conduct presentations on current threats and related IT security topics.
  - Provide monthly reporting to Security management on threat, vulnerability, and incident management metrics.
- Network Security Operations Analysis:
  - Identify and prioritize security risks, threats, and vulnerabilities of networks, systems, applications, and new technology initiatives.
- Incident Management and Forensic Analysis:
  - Participate in cyber security incident response activities, including investigation, coordination, and reporting.
  - Assist in the collection and preservation of evidence associated with cyber security incident response activities, following industry best practices and established procedures.
  - Develop and support briefings to Security management as a cyber-forensic subject matter expert.
- Proven team player, able to work both individually and with other staff members on long-term projects and on rapid response under tight deadlines.
- Excellent oral and written communication, analytical, judgment, and consultation skills.
- Ability to communicate effectively in both formal and informal review settings with all levels of management.
- Proven experience in developing and providing threat and situational intelligence from a variety of internal and external sources.
- Ability to work with local and remote IT staff and management, vendors, and consultants.
- Ability to work independently, with strong project management skills.
- Implementation and maintenance of SIEM platforms (ArcSight, IBM QRadar, McAfee NitroSecurity, etc.)
- Forensic analysis tools (MIR, EnCase, FTK)
- Malware analysis tools (dynamic and static)
- Vulnerability assessment tools (Qualys, ISS Scanner, nmap, etc.)
- Secure Web Gateway (BlueCoat, Microsoft Forefront)
- Network sniffers and packet tracing tools (DSS, NAI SnifferPro, Ethereal (now Wireshark), and tcpdump)
- Encryption technologies (PGP, PKI, and X.509 certificates)
- Standard technical writing tools, including MS Word, Excel, Project, and Visio
- Familiarity with:
  - Directory services, LDAP, and their inherent security (Active Directory, CA Directory).
  - Proxy and caching services.
  - Client/server platforms, including Sun Solaris, Windows, and Linux.
  - Operating system hardening procedures (Solaris, Linux, Windows, etc.).
  - LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP, and NSRP).