CYBERSECURITY / Associate Manager – Incident Response (CSIRT)

at RED SKY Consulting
Location Milwaukee, WI
Date Posted March 13, 2018
Category Default
Job Type Full-time


Associate Manager, Security Response

The group is a combination of security operations and a CSIRT (computer security incident response team). Basics: experience with the jobs and the tools, and knowledge about them. Any experience with incident response.

  • This new Associate Manager will be a utility player and will have experience with a variety of tool sets (vulnerability scanners, SIEMs / security event managers)
  • Penetration test tools: Burp, Metasploit (owned by Rapid7), command-line kung fu
  • PM – DLP (Data Loss Prevention project) = high visibility
  • Legal and governance, security, and the possibility of building a data loss prevention system
  • Focus: experience with cybersecurity tools. Understand the concepts. No button pusher. Think through and apply concepts and be willing to investigate tools and make them work for us. No specific industry. Cybersecurity, tools, process knowledge
  • Troubleshooting mindset
  • Tool changes – when we have a security incident, what do you do first and second?
  • Need someone who can be a threat hunter, hunt and investigate, and be a backup to the SOC (Security Operations Center), the “operations” team when there is a big problem
  • Biggest challenge: the breadth of everything they will need to understand and how to put the pieces together. Need to know what the logs and tools are and where to look
  • Initial challenge: how everything is configured. What role you will take in different tool sets and put into practice. Phased challenge
  • *Not going to be just following a recipe from a runbook. Creating runbooks and processes
  • There is autonomy in this role. Someone who can work independently
  • May pay partial relocation
  • No bonus / company pays profit sharing

Associate Manager, Security Response

The Senior Associate, Computer Security Incident Response Team (CSIRT) is a hands-on role that requires a high level of technical expertise. The person in this position is responsible for a broad range of tasks, including the day-to-day administration of information security tools and devices, as well as support for security appliances and tools, and may include significant responsibilities for the security administration of a wide variety of systems across the enterprise.

As a member of the Security Response Team, this position interacts closely with vendors and service providers, with personnel from various IT departments including Application Development, Infrastructure & Operations, as well as with business departments. In-depth knowledge of operating systems and security applications, as well as a working knowledge of basic network protocols and tools is also required.

Roles and Responsibilities:

  • Perform threat and vulnerability assessments, in some cases followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities
  • Apply patches where appropriate and, at the direction of the Security Response Manager, remove or otherwise mitigate known control weaknesses, such as unnecessary services or applications, as a means of hardening systems in accordance with security policies and standards
  • Locate and repair security problems and failures
  • Collate security incident and event data to produce monthly exception and management reports
  • Report unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes
  • Assist and train junior team members in the use of security tools, the preparation of security reports and the resolution of security issues
  • Develop and maintain documentation for security systems and procedures
  • Research, recommend, evaluate and implement information security solutions that identify and/or protect against potential threats, and respond to security violations
  • Assist with internal and external investigations
  • Respond to and, where appropriate, resolve or escalate reported security incidents
  • Monitor system logs, SIEM tools and network traffic for unusual or suspicious activity. Interpret such activity and make recommendations for resolution
  • Investigate and resolve security violations by providing postmortem analysis to illuminate the issues and possible solutions
  • Participate in infrastructure projects to develop, plan, and implement specifications for network and distributed system security technologies in support of key information systems
  • Assist in the management of security tools and appliances
  • Implement or coordinate remediation required by audits, and document exceptions as necessary
  • Perform system and application vulnerability testing, participate in enterprise testing and assessment activities as needed
  • Research threats and vulnerabilities and, where appropriate, act to mitigate threats and remediate vulnerabilities
  • Review, assess, and mitigate penetration tests and vulnerability assessments on information systems and infrastructure
  • Recommend, schedule and/or apply fixes, security patches and any other measures required in the event of a security breach
  • Monitor security vulnerability information from vendors and third parties
  • Perform installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems
