Friday, 10 April 2015

HP posted a job you might be interested in April 11, 2015 at 12:20AM

HP

Security Operations Center Cyber Security Specialist

Dallas/Fort Worth Area, US - Computer & Network Security, Computer Networking, Information Technology and Services

Job Description

The Security Operations Center team is responsible for the continuous investigation of correlated security event feeds and the appropriate escalation in case of an identified security incident. They are the primary contact for any suspected security incident and work together with the remediation team on resolving incidents and remediating threats to the HP enterprise.

The SOC Cyber Security Specialist also takes part in the creation and steady improvement of correlation rules, security policies, processes and procedures, and other department-related documentation.

Responsibilities:

• Investigate incidents using SIEM technology, packet captures, reports, data visualization, and pattern analysis.
• Analyze, escalate, and assist in remediation of critical information security incidents.
• Improve and challenge existing processes and procedures in a very agile and fast-moving information security environment.
• Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks in support of technologies managed by the Security Operations Center.
• Act as Subject Matter Expert for analysis functions, providing support on more involved cases and guiding the activity of other analysts through collaboration.
• Act as the lead coordinator for HP's response to individual information security incidents.
• Identify and document containment and remediation efforts which successfully reduce risk.
• Maintain documentation on residual risk, along with assignment of leadership owners and recommended steps for remediation.
• Participate in project work, sometimes acting as project lead.
• SOC Cyber Security Specialists should have detailed knowledge of:
  o Information security policies and goals
  o Log analysis and event traffic patterns
  o DLP, encryption, HIDS, NIDS, firewall technology
  o The current IT threat landscape and upcoming trends in security

Qualifications


Required Experience and Education:

4-6 years of security experience preferable and 5 plus years of IT experience preferable, and

Hold US Citizenship and reside in the Plano, Texas area, and have a minimum of one of the following:

• Bachelor's Degree in Computer Science, Computer Networking, or Computer Security.

Working toward or having earned one or more of the following certifications is preferable:

• CISSP, CISA or CISM certifications
• GCIH (GIAC Certified Incident Handler)
• GCIA (GIAC Certified Intrusion Analyst)
• CEH (Certified Ethical Hacker)
• GCED (GIAC Certified Enterprise Defender)
• SSCP (Systems Security Certified Practitioner)
• GCFA (GIAC Certified Forensic Analyst)
• CCNA (Cisco Certified Network Associate)
• Security toolset certification (vendor-provided training, e.g. Check Point, etc.).


Technical Skills:

• Understands information security, especially incident response, intrusion detection and prevention.
• Data and traffic analysis.
• Network (TCP/IP).
• Unix fluency.
• Windows fluency.
• Network fluency.
• Actively investigates the latest in security vulnerabilities, advisories, incidents, and penetration techniques.
• Strong understanding of security operations concepts: perimeter defense, BYOD management, data loss protection, insider threat, kill chain analysis, risk assessment, and security metrics.
• Troubleshooting skills: networks, messaging, vulnerability and threat management.
• Experience using system security/vulnerability scanners and sniffers.
• Experience with ArcSight, SIEM, Splunk, forensic tools (e.g., EnCase), etc.
• Strong understanding of vulnerability management: what vulnerabilities are, how we find them, and how we mitigate them.
• Strong understanding of malicious code: reverse engineering skills, practitioner tactics, techniques and procedures from common motivations (see above).
• Strong understanding of basic visualization techniques, especially for big data.
• Strong understanding of basic cyber-intelligence techniques.


Soft Skills:

• Customer focused, high energy.
• Meticulous in resolving incidents and issues.
• High stress tolerance, tenacity, work ethic and follow-up skills.
• Willingness to do shift work.
• Mentorship.
• Excellent English writing and oral communication skills.

Security System Management and Configuration Management (MACD):

• Operate firewalls, intrusion detection systems, and various enterprise security management, endpoint assessment and asset inventory technologies.
• Ability to troubleshoot common network devices, networks, and vulnerabilities.
• Advanced knowledge of firewalls, VPN, intrusion detection and prevention systems, anti-virus and content filtering, URL filtering, authentication solutions, switches, routers, VoIP, and DMZ.
• Configuration review of security devices.
• Experienced with Check Point firewalls, RSA SecurID, QRadar SIEM, and Blue Coat Proxy.


No salary provided

Posted April 11, 2015 at 12:20AM from LinkedIn http://ift.tt/1IALk2h

via IFTTT
