TELECOMMUTE – US National
Title: Cyber Defense Technical Expert
Remote, US (except CO)
This Tier 3 technical lead will be a resident technical expert within the bank's Cyber Defense Operations Center (CDOC) and will play a key role on the Cyber Defense Advanced Practices (CDAP) Team.
Working with the Threat Intelligence, Content Engineering and Attack Surface Management teams, you will bring extensive experience in security operations, incident response and threat hunting methodologies, a well-rounded background in endpoint and network security defenses, and enough offensive security knowledge to think like an adversary.
You will serve as an incident responder, assessing the risk, impact and scope of identified security threats and leading the response efforts. This role will help mature the existing threat hunting, malware analysis and advanced threat detection programs.
Primary responsibilities include:
Driving the hunting of complex insider and outsider threats that affect the Bank
Focusing on partnerships and information sharing, and supporting partner organizations on strategic direction to mitigate threats.
Analyzing vulnerability assessment and penetration testing results to help identify stealthy threats
Leveraging technical and non-technical capabilities to eradicate threats.
Leading ad-hoc technical teams on coordinated responses and subsequent remediation of security incidents.
Conducting multi-step investigative analysis to trace activities associated with advanced threats
Serving as an escalation resource and mentor for junior analysts
Identifying potential malicious activity from memory dumps, logs, and packet captures
Supporting proactive deep malware analysis, and recommending defensive actions to effectively defend against malware-related attacks
Making recommendations on how to optimize security monitoring tools based on threat hunting discoveries
Defining tool requirements to improve SOC capabilities
Facilitating the evaluation, selection and implementation of supporting SOC systems and tools
Providing leadership and technical guidance in project planning, task definition, estimating, reporting, scheduling, documentation, and workflow
Participating in 24/7 on-call rotation as a point of escalation for incidents outside of normal business hours (nights, weekends, and holidays).
7 or more years of progressive security industry experience
Demonstrated understanding of various operating systems (Windows, Unix, Linux, etc.) with an emphasis on security operations
Experience with programming/scripting (Python, PowerShell, Ruby, PHP, Perl, etc.)
Experience with malware reverse engineering and tools such as IDA Pro, OllyDbg, PEiD, etc.
Hands-on experience with Security Information and Event Management (SIEM) technologies (QRadar, ArcSight, Splunk, etc.)
Leadership qualities to serve as an escalation resource and mentor for junior analysts
Self-motivation with the ability to work under minimal supervision
Experience with computer security incident handling, coordination and response
Knowledge and experience in security assessment and vulnerability scanning, risk-based threat analysis, and security mitigation techniques
Excellent oral and written communications skills
Strong analytical skills
Ability to explain advanced technical concepts to non-technical audiences
Education, Certifications a…