Cyberthreat Defense
1 week ago
Cyberthreat Defense Lead / Sr. Engineer
Implement, monitor and manage cybersecurity tools including CrowdStrike, Microsoft, firewalls, Cylance, Varonis, and/or Mimecast to identify and respond to security threats.
Set up and maintain cybersecurity monitoring operations in partnership with an external Managed Security Services Provider (MSSP), and perform triage to determine the scope, urgency, and potential impact of security incidents and/or vulnerabilities.
Investigate and analyze security incidents, escalating and coordinating response efforts as necessary, and as defined in the Incident Response Plan (IRP).
Maintain the Incident Response Plan (IRP) and keep it up to date as tooling, contacts, and escalation paths change.
Perform root cause analysis on each security incident and make recommendations to mitigate similar incidents in the future.
Identify and analyze vulnerabilities and make specific and prioritized recommendations for remediation and mitigation solutions.
Conduct regular network penetration testing to assess vulnerabilities and recommend security enhancements.
Proactively search for threats using Computer Network Defense (CND) tools including intrusion detection system alerts, firewall and network traffic logs, and host system logs.
Implement and manage an enterprise SIEM tool.
Generate detailed reports on security assessments, incidents, and ongoing security activities, and develop, track, and report on relevant cybersecurity metrics on a regular basis.
Collaborate with infrastructure, network, applications, integrations, and BI teams to secure system, network, and application architectures.
Review the cybersecurity program with Governance, Risk and Compliance teams and provide them with requested cybersecurity reports and metrics.
Make and suggest improvements that advance the overall security processes in place.
Develop, implement, and maintain security policies, procedures, and best practices.
Maintain the internal information security awareness site and ensure that up to date and relevant training material and information is available.
Promote a strong cybersecurity culture within and outside of IT.
Stay current with the latest cybersecurity trends, threats, and best practices.
Qualifications:
Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Comprehensive understanding of cybersecurity principles, practices, and technologies.
Proven experience in a cybersecurity role with tools such as CrowdStrike Falcon, CrowdStrike Exposure Management, and CrowdStrike Identity Protection.
Hands-on experience with network penetration testing, vulnerability assessments, and remediation strategies.
Strong knowledge of network protocols, system vulnerabilities, and attack vectors.
Experience deploying and working with cybersecurity tools in Microsoft Azure and Microsoft 365.
Experience working with an enterprise SIEM tool.
Experience analyzing log files and correlating security related events.
Demonstrated strategic thinking, problem-solving, and decision-making abilities.
Excellent communication and interpersonal skills, with the ability to distill complex technical concepts into clear, concise communications.
Ability to independently prioritize competing initiatives and manage multiple tasks simultaneously in a fast-paced environment.
Exceptional time management skills.
Experience working with third-party Managed Security Services Providers (MSSPs) is highly desirable.
Experience with the NIST Framework is highly desirable.
Relevant certifications such as CEH, CISSP, OSCP, CISM, CompTIA Security+ or equivalent are highly desirable.