Description

• Responds to and, where appropriate, resolves or escalates reported security incidents.
• Monitors system logs, SIEM tools, hunts for exploits and network traffic for unusual or suspicious activity.
• Interpret such activity and make recommendations for resolution.
• Investigates and resolves security violations by providing postmortem analysis to illuminate the issues and possible solutions.
• Monitors internal control systems to ensure that appropriate information access levels and security clearances are maintained.
• Working knowledge of compliance standards such as, NIST, ISO27001, HIPAA, HiTRUST and FedRAMP.
• Working experience on various security tools to locate and repair security problems, exploits, incidents, or failures.
• Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.
• Experience with NESSUS in a complex network environment.
• Experience with a variety of security tools and software.
• Working experience on regulatory compliance drivers such as NIST CSF and NIST.

All employees have the following security and privacy responsibilities:

• Complete required security and privacy training timely.
• Abide by all corporate security and privacy policies.
• Report all suspected incidents to the Security & Risk Team promptly.
• Safeguard all company assets and credentials in their possession.
• Safeguard all sensitive personally identifiable information[1] must be protected and used only for business purposes.

Requirements

• 6-8 years of Information Security experience bachelor’s or master’s degree computer science or in a related field, or an equivalent level of competence obtained through experience.
• Deep understanding of Microsoft Windows operating systems, MS active directory and Linux.
• Experience working with IP networking, networking protocols, and understanding of security related technologies including encryption, VPNs, firewalls, IDS/IDP, content filters and syslog correlation tools.
• Deep understanding of vulnerability scanning and providing guidance on remediation requirements.
• Experience SIEM technologies.
• Understanding of security/computer incident response methodologies.
• Experience with vulnerability scanning using commercial and open-source tools.
• Strong technical writing skills.
• Strong interpersonal skills and teamwork skills.
• High level of work independence.

Screener Questions: EBiz Screener Questions