Information Security Engineer III
Lead Security Analyst
The Lead Security Analyst will be responsible for:
· Ensuring applications, networks, systems and cloud services are monitored in accordance with security controls related to SOC 2, ISO 27001 and the RMS Information Security Policy
· Developing, documenting, and implementing enterprise information security monitoring procedures for on-premises and cloud-hosted infrastructure for both corporate and customer environments
· Analyzing networking, firewall and system configurations from a security perspective and bringing that knowledge to investigation of security events
· Analyzing network traffic patterns, system logs, SIEM and endpoint security tools for unusual or suspicious activity
· Defining, implementing and executing incident response playbooks and providing leadership to the Security Operations Center team
· Working closely with the Security Operations Center to develop new data feeds and services for continuous monitoring and detection capabilities, including the writing of data parsers, installation of data connectors and log collectors, and tuning and aggregating multiple security alerting sources
· Assisting in the development, documentation and automation of threat management, vulnerability management, and incident management processes
· Performing assessments of security tools, vendors, and solutions to support information security roadmap initiatives
· Minimum 3+ years of experience in SOC environments, including experience developing new monitoring use cases.
· At least one security-related certification (such as CISSP, GIAC or CompTIA Security+) is required; CISSP strongly preferred.
· Experience with the development, management, and automation of security monitoring solutions in an enterprise cloud-based environment
· Solid understanding of SIEM management and operations
· Demonstrated proficiency in network and/or system administration.
· Hands-on technical proficiency with IDS/IPS and SIEM tools. IBM QRadar, Splunk, and Graylog expertise highly preferred.
· Working knowledge of TCP/IP addressing and standards including network design, firewall configuration, load balancing, remote access, strong authentication, vulnerability scanning, VPN and DMZ management
· Proven ability to manage priorities and deadlines and to provide leadership in a highly dynamic and diverse environment with multiple concurrent projects.
· Experience in creating detailed procedure documents and diagrams
· Demonstrated experience in investigating security issues related to Internet, server, desktop, laptop, tablet and other mobile devices, including OS patching, hardening and anti-virus
· Demonstrated ability to facilitate automation and integration through scripting in PowerShell, Python, Perl, etc. highly preferred.