Responsible for the technical aspects of an information security investigation, including analysis involving PCs, servers, applications, storage, infrastructure devices, etc. The candidate will coordinate and communicate with legal, privacy, security, incident response, and networking professionals, and will also present findings to business professionals and executives.
Other responsibilities include:
• Perform analysis of system communication for investigations, potential litigation, and HR related matters
• Investigate potential identity theft and/or intrusions to/from client facing systems and resources
• Produce monthly incident reports
• Document actions taken for audit, regulatory and legal purposes within approved incident tracking system
• Communicate and escalate issues and incidents as required by process or management
• Collaborate with business unit technical teams on issue resolution and the implementation of mitigating controls
• Additional responsibilities will include performing documentation review and improvement, attending meetings as needed, and serving as front-line response for troubleshooting low-level issues as needed
Qualifications:
• 8+ years of Information Technology experience with network technologies, specifically TCP/IP, and related network tools required.
• Demonstrated analytical, problem solving, and prioritization skills required.
• Depth of understanding of TCP/IP and networking concepts required.
• Experience maintaining tools, procedures, and documentation required.
• Ability to think strategically, work with a sense of urgency and attention to detail required.
• Ability to follow detailed process and procedure documentation required.
• Ability to present complex solutions and methods to non-technical people required.
• Independent thinking, willingness to "step outside the box" required.
• Demonstrated ability to be reliable and flexible required.
• Excellent written and verbal communication and organizational skills required.
• Subject matter expert (SME) in one or multiple areas such as Windows, Unix, midrange, PCs and mobile devices, firewalls, web application firewalls, intrusion detection, data loss prevention, or information risk management required.
• Demonstrated experience with a SIEM required.
• Appropriate communication skills to communicate with Legal, Human Resources, IT staff and others on the resolution of customer escalations, incident handling, and incident response required.
• Experience in a fast-paced, high-stress support environment required.
• Ability and experience reviewing raw log files required.
• Experience with a web application firewall (WAF) preferred.
• Good grasp of developing and writing scripts preferred.
• Understanding of network design principles and knowledge of the OSI model preferred.
• SME level understanding of Information Security including threats, attacks, and vulnerability management preferred.
• Experience with IDS, IPS, or another signature matching technology nice to have.
Education and Certifications:
• EnCE or other computer forensic certification required
• CISSP or SANS GIAC certification preferred
• Bachelor's degree, preferably in a technical discipline, or equivalent work experience preferred
• Network, Security, or Platform certification(s) (S+, N+, MCSP, CNA) nice to have