Our Philadelphia client is looking for a Cyber Security Engineer who will augment incident response duties for our clients global information security organization. This person will also support the Information Security department’s goals and objectives by addressing escalations, and the evaluation of technology controls providing key insight and research in new threats, vulnerabilities, and mitigation techniques. In this role they will take the lead in proposing solutions to improve or reduce risk exposure from the overall threat landscape and improve the resilience and readiness of security technologies and processes which ensure the confidentiality, integrity, and availability of the organization’s assets, information, data, and IT services in an efficient manner.
The ideal candidate would have at least 7+ years of IT security experience to include 4+ years security response or security operations experience preferably gained within a high-availability/high performance customer facing application environment; and also have at least one, if not multiple of the following certifications: CCFE, GCFE, CISSP, CISM, SANS, GIAC (or related), ethical hacking/penetration tester certification, and/or security risk assessment certification.
- Conduct and evaluate technical risk assessments, such as vulnerability scanning, penetration testing, risk reviews for new applications, and third-party risk assessments.
- Develop and collect intelligence to proactively detect and identify high-confidence threats to the brand, service infrastructure and enterprise users and systems.
- Responsible for analyzing/validating security control requirements and tuning, defining the mitigation rules, scripting and performing changes or mitigating attacks, and assisting with troubleshooting support related to any issues which may arise from security detection or protection technologies.
- Develop and execute security incident response plans and cyber forensic investigations for investigating all reported security incidents.
- Assist with reviewing existing tools, applications, and processes to help strengthen and optimize current security capabilities, as well as identifying any gaps or technical solutions to further enhance the team’s effectiveness.
- Communicate problems and solutions verbally and in written form to peers and management.
- Compliance and governance: help achieve compliance, identify compliance initiatives, and author and promote appropriate security policies.
- Develop comprehensive incident reports and investigation summaries.
- Lead the exploration of practical security solutions to address emerging threats and compliance requirements, including design and implementation of recommended solutions.
- Develop and implement security programs: manage and execute project deliverables; communicate to affected stakeholders including departments within the company; develop program procedures including guidelines and flow diagrams to be implemented on an ongoing basis; and develop tools or metrics that allow for the measurement of successful program implementation.
- Lead analysis and review security events for anomalous activity, collaborate with respective peer groups to take appropriate action to safeguard company information assets against current and foreseen threats.
- Ability to conduct forensic and incident response investigations.
- Understanding of incident response and risk mitigation workflow and planning.
- Understanding of compliance and governance initiatives.
- Analysis of security events for anomalous activity.
- Identification of emerging security threats.
- Able to develop and implement security improvement and remediation programs.
- Vulnerability assessment, threat analysis, and reporting.
- Understanding and promotion of security policies.
- Strong ability to monitor security systems for threats.
- Experience with configuring and managing network security devices including the ability to perform log extraction and configuration, policy updates and rule changes.
- Investigation and navigation in Cloud and Web-based environments.