Cyber Security Sr
March 20, 2017
* Daily monitoring of event collection, security intelligence and emerging threat information sources including SIEM, vendors, researchers, websites, newsfeeds and other sources
* Analyzes all threat/vulnerability sources, assesses their impact on Freddie Mac infrastructure and systems, and provides an assessment, recommendations and potential actions appropriate to the current security threat posture; matures the existing vulnerability scanning/assessment capabilities.
* Coordinates response, triage and escalation activities for security events affecting the company's information assets, working with the incident response team as part of the security incident response lifecycle.
* Identifies and creates use cases within the SIEM tool
* Serves as one of the technical experts on the team
* Develops communication channels with technology owners and the business to evangelize the evolving threat landscape.
* Must be able to present to different audiences and adjust accordingly (business, technical and management) either structured presentations or ad-hoc. Must be able to establish and maintain business relationships with individual contributors as well as management.
* Leads the improvement and development of process/procedure manuals and documentation for threat intelligence escalation, advanced persistent threat detection, vulnerability analysis and incident response handling.
* Maintains a continuous process improvement environment for security monitoring, security configuration standards and threat analysis, recommending and implementing new or improved processes in accordance with existing policy, industry standards and best practices.
* 3+ years of Information Security Incident and Event Monitoring experience
* 3+ years of experience with, and advanced knowledge of, network protocols, routing and switching in complex environments
* Experienced with using the command line interface (Unix, Linux, and Windows)
* Advanced scripting/programming experience (Python, shell/Bash, Java, etc.)
* Ability to communicate clearly, effectively, persuasively and credibly with internal and external customers and various levels of management both verbally and in written form
* Self-starter with the ability to work independently or within a dynamic team environment
* Attention to detail, logical and analytical thinking and systematic problem solving capability
* Adept with researching and investigating anomalies
* Experience working in a Security Operations Center (SOC) environment
* Relevant security knowledge and experience in two or more of the following areas: security operations, security intelligence, threat analysis, security event management, log analysis, and network/host intrusion detection
* Prior experience with system and security administration of multiple platforms and operating systems such as Unix/Solaris/AIX/Linux, Databases and Microsoft Windows
* Demonstrated experience using and/or implementing SIEM technology (Splunk, ArcSight, QRadar, etc.) and SIEM use cases
* Demonstrated experience handling SIEM events and response in critical environments (email threat analysis, web threat analysis, malware analysis, etc.)
* Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, IDS/IPS, Network Packet Analysis, Endpoint Protection)
* Experience in the financial services industry
* Experience with Sarbanes-Oxley Compliance
* Advanced knowledge of the following: Programming, SQL, Firewalls, WAF, Advanced Persistent Threats, Zero Day Exploits, Reverse Engineering Malware, Vulnerability Analysis/Assessment and Data Loss Prevention
* Proven ability to lead and influence across and up the organization during business-impacting events
* Ability to influence and guide decision making in crisis moments
* GCIA, GCIH, CISSP or CCNA certification is preferred (Other relevant security certifications will be considered such as CEH and GREM)