8- 12years of experience be in the areas of incident detection and response, remediation, malware analysis, or computer forensics. Prior relevant experience should be in the areas of incident detection and response, malware analysis, or computer forensics.

Familiarity with a Threat Intelligence Platform, Security Incident and Event Manager, or Security Orchestration and Automated Response platform. Practical experience with a Threat Intelligence Platform, Security Incident and Event Manager, or Security Orchestration and Automated Response platform.

C ollaborate within an Agile development team to ensure that incremental capabilities are delivered each sprint and develop Incident Response (IR) automation scripts and reusable integrations for InfoSec technologies (e.g., Phantom, Demisto/XSOAR, Splunk, CrowdStrike, Office 365, Jira, MySQL, etc.

Deep technical understanding and exposure to SIEM, vulnerability scanning and management, DLP, incident response planning and execution, EDR, IDS/IPS, content filtering, and penetration testing.

Minimum of 3 years experience working with Security Operations Centers (SOCs), Incident Response teams, Cyber Threat Intelligence functions, and other members of the cyber defense mission, and awareness of security threats and defensive strategies within the critical infrastructure, including techniques, tactics, and procedures (TTPs) that threat actors utilize to attack an organization.

Knowledge of Endpoint Detection and Response tools (e.g., Carbon Black, CrowdStrike) + Minimum of 3 years; experience with Security Orchestration, Automation, and Response (SOAR) practices including playbook development, data and artifact collection, process automation, technology orchestration, and response actions, and basic technical knowledge and working experience with the TCP/IP stack and common IT server platforms: Windows, Linux, UNIX, SQL, IIS, Directory Services, etc.

Provide support on incident response engagements in collaboration with the Team lead and Engagement Manager leading the engagements to guide client’s containment, remediation, restoration, and forensic investigations.

Email security - Digital media forensic - Monitoring and detection - Incident Response - Vulnerability assessment and pen test - Cyber intelligence analysis. A minimum of four (4) years of experience in one or more of the following areas: computer network penetration testing and techniques; computer evidence seizure, computer forensic analysis, and data recovery; computer intrusion analysis and incident response, intrusion detection; computer network surveillance/monitoring; network protocols, network devices, multiple operating systems, and secure architectures.

Strong understanding of security topics, including access control, network and systems hardening, threat modeling, encryption, vulnerability management, digital forensics, and incident response.

Network/IT security monitoring vulnerability scanning, SIEM, logging, and incident response and investigation. Responsibilities include capacity planning, asset management, service level agreements, high-availability, problem management, risk and security, change management, incident management, disaster recovery planning, and project management.

Experience with other key security technologies, in at least two other areas across: network security, identify security, endpoint protection, data security, incident response, firewalls, or vulnerability management tools.

5+ years of information security experience including experience in one or more of the following security disciplines: information security monitoring, incident response, vulnerability management, host/network forensics, cyber-crime investigation, penetration testing, business continuity, or cyber threat intelligence.

Establish policies and develop procedures for all aspects of security operations, focusing on threat modeling, threat hunting, digital forensics and incident response. Oversee day-to-day cybersecurity operations, incident response, and threat intelligence.

ServiceNow (Change Management, Incident Management, Vulnerability Response) The Cybersecurity Engineer will own the governance and management of the NERC CIP-007 R2 controls and will be responsible for internal and external communications and metrics regarding the program.

Direct experience with common security tools including endpoint detection and response (EDR), security incident event management (SIEM), AWS/Azure/GCP Cloud Security Stack, Data Protection/Data Loss Prevention Tools, Threat and Vulnerability Management Tools, and Microsoft 365 security suit.