Date Posted: March 13, 2018
Associate Manager, Security Response
The group is a combination of security operations and CSIRT (computer security incident response team). Basics: experience with the job and its tools, and knowledge about them. Any experience with incident response.
- This new Associate Manager will be a utility player and will have experience with a variety of tool sets (Vulcan scanner, SIEMs, security event managers)
- Penetration test tools: Burp, Metasploit (owned by Rapid7), Command Line Kung Fu
- PM for the DLP (Data Loss Prevention) project: high visibility
- Involves legal and governance, security, and the possibility of building a data loss prevention system.
- Focus: experience with cybersecurity tools. Understand the concepts. No button pusher. Think through and apply concepts, and be willing to investigate tools and make them work for us. No specific industry required. Cybersecurity, tools, and process knowledge
- Troubleshooting mindset
- Tool changes: when we have a security incident, what do you do first and second?
- Need someone who can be a threat hunter, hunt and investigate, and be a backup to the SOC (Security Operations Center) "Operations" team when there is a big problem.
- Biggest challenge: the breadth of everything they will need to understand and how to put the pieces together. Need to know what the logs and tools are, and where to look.
- Initial challenge: how everything is configured. What role you will take in different tool sets and put into practice. Phased challenge
- Not going to be just following a recipe from a run book; creating run books and processes.
- There is autonomy in this role. Someone who can work independently.
- May pay partial relocation
- No bonus; company pays profit sharing
Associate Manager, Security Response
The Senior Associate, Computer Security Incident Response Team (CSIRT) is a hands-on role that requires a high level of technical expertise. The person in this position is responsible for a broad range of tasks, including the day-to-day administration of information security tools and devices, as well as support for security appliances and tools, and may include significant responsibilities for the security administration of a wide variety of systems across the enterprise.
As a member of the Security Response Team, this position interacts closely with vendors and service providers, with personnel from various IT departments including Application Development, Infrastructure & Operations, as well as with business departments. In-depth knowledge of operating systems and security applications, as well as a working knowledge of basic network protocols and tools is also required.
Roles and Responsibilities:
- Perform threat and vulnerability assessments, in some cases followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities
- Apply patches where appropriate and, at the direction of the Security Response Manager, remove or otherwise mitigate known control weaknesses, such as unnecessary services or applications, as a means of hardening systems in accordance with security policies and standards
- Locate and repair security problems and failures
- Collate security incident and event data to produce monthly exception and management reports
- Report unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes
- Assist and train junior team members in the use of security tools, the preparation of security reports and the resolution of security issues
- Develop and maintain documentation for security systems and procedures
- Research, recommend, evaluate and implement information security solutions that identify and/or protect against potential threats, and respond to security violations
- Assist with internal and external investigations
- Respond to and, where appropriate, resolve or escalate reported security incidents
- Monitor system logs, SIEM tools and network traffic for unusual or suspicious activity. Interpret such activity and make recommendations for resolution
- Investigate and resolve security violations by providing postmortem analysis to illuminate the issues and possible solutions
- Participate in infrastructure projects to develop, plan, and implement specifications for network and distributed system security technologies in support of key information systems
- Assist in the management of security tools and appliances
- Implement or coordinate remediation required by audits, and document exceptions as necessary
- Perform system and application vulnerability testing, participate in enterprise testing and assessment activities as needed
- Research threats and vulnerabilities and, where appropriate, act to mitigate threats and remediate vulnerabilities
- Review, assess, and mitigate the findings of penetration tests and vulnerability assessments on information systems and infrastructure
- Recommend, schedule and/or apply fixes, security patches and any other measures required in the event of a security breach
- Monitor security vulnerability information from vendors and third parties
- Perform installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems