Lead - Infosec Engnieer

What Will You Be Doing?

The Lead Analyst, Cybersecurity Operations will be part of the Cybersecurity team that analyzes, implements, monitors, troubleshoots, and audits the cybersecurity of the Frontier network infrastructure. The analyst provides timely and comprehensive intelligence on internal/external threats for detection, monitoring, threat hunting, and incident response. The scope of environment includes system-monitoring platforms, anti-virus, DLP, URL filtering, and PCI environments. The analyst will be responsible for performing alert analysis, incident response, digital forensics, and supporting penetration remediation on applications/systems.

Essential Functions:

• Monitor, investigate, analyze, respond, and report to cyber incidents identified through detection/response platforms.

• Lead support to Management in detecting and responding to cybersecurity alerts and incident activity.

• Responsible for engaging and escalating incidents to Cyber Operations Management and other

Cyber Incident Response Team members.

• Actively support incident response activities, efforts, and training exercises (e.g., incidents, tabletops, threat simulations) and be the lead incident response analyst.

• Actively drive risk reduction efforts for known cyber security vulnerabilities and known attack traffic patterns/indicators of compromise (IOC).

• Actively monitor security threats and risks, provide in-depth incident analysis, evaluate security incidents, provide proactive threat research, and recommend mitigation strategies.

• Evaluate and determine if/when cybersecurity violations have occurred through examination of network/application logs, open-source research, vulnerability and configuration scan data, and user provided reports.

• Proactively conduct investigations, analysis, and evaluation of projects to determine cybersecurity risk and feasibility as required.

• Administer, maintain, tune, and perform heath checks on cybersecurity products and services (such as: secure mail gateway, SIEM, IDS/IPS, EDR, vulnerability management, brand monitoring, threat intelligence, security rating, DDoS, web proxy, file integrity monitoring (FIM), data loss

prevention (DLP), User Entity & Behavioral Analytics (UEBA), and other).

• Provide and implement recommendations for new technical controls to help mitigate security vulnerabilities.

• Responsible for leading the vulnerability management program functions including hosting weekly meetings with Stakeholders and the operations team, creating and tracking tickets for all vulnerabilities, holding stakeholder teams to meet SLAs, and reporting to the Manager of Cybersecurity on a weekly basis.

• Actively perform threat hunting activities in the environment to detect cyber threats in the network.

• Coordinate and support purple, red, and blue team engagements.

• Provide cybersecurity technical assistance when needed by system/application owners.

• Support multiple day-to-day cybersecurity tasks and projects efforts.

• Provide regular status updates to Management on projects and remediation efforts.

• Solid understanding of cybersecurity policies and procedures, ability to draft, modify and create standard operating procedures (SOPs) for use of other team members.

• Support organizational Security Awareness Training efforts (suggest training topics, coordinate phishing campaigns, enable awareness to end-users in support of incidents).

• Support vulnerability assessments functions (such as: enterprise pen testing, application pen testing, static/dynamic testing, scorecard assessments).

• Participate and support afterhours/on-call rotation requirements for cybersecurity incidents.

• Responsible for developing, monitoring, and tracking cyber security metrics on a recurring basis, including creating Powerpoint slide decks for presentations.

• Coordinate response and remediation efforts across various departments in a cooperative and beneficial manner.

• Responsible for maintaining Incident Response documentation and auditing member contact information on at least a semi-annual basis or as needed.

• Responsible for attending all vendor meetings and acts as the point of contact for our Cybersecurity vendors.

• Demonstrate ownership and understanding of tasks when engaging with other team members.

• Provide leadership, guidance and partnership to Analyst(s) and Senior Analyst(s).

• Responsible for the onboarding and training of new analysts to the Cybersecurity Operations team.

• Provide support to management team.

Qualifications:

• Bachelors degree in computer science, technology, or equivalent combination of education and relevant experience (required).

• 6+ years of relevant IT/Cybersecurity experience (required).

• 5+ years in security operations with hands-on experience with enterprise cybersecurity products, such as Qualys, SentinelOne, Proofpoint, Office365, Microsoft Defender for Cloud, Microsoft Defender for Identity (required).

• 5+ years of SIEM (security information and event management) platform experience (required).

• 4+ years supporting adversary tactics and techniques based on MITRE attack framework (required).

• Knowledge of cyber security standards and frameworks such as ISO 27001, NIST CSF, NIST-800-53, PCI DSS ASV (highly desired).

• Hands-on experience with tools like PowerShell, Vulnerability Management suite, Wireshark, and NMAP (required).

Position Description:

• Industry cybersecurity certification: CompTIA: Security+ or Pentest+, CEH, CISSP, OCSP, SANS: GCIH or GSEC, CISSP, ISACA: CISA or CISM, Security+, SSCP, or CCNA (required, or willing to attain within 3 months of start date).

• Hands-on Cloud infrastructure (Azure/AWS/GCP) cybersecurity remediation experience (desirable).

• Hands-on experience with next-gen endpoint detection/response (EDR), Enterprise Firewall, IPS, Log Management, Cisco, and Checkpoint experience (desirable).

• URL Filtering (web proxy) and troubleshooting experience (desirable).