Long-term contract to hire or possibly a direct hire role. Must be able to work onsite 3x a week in the Lower Manhattan (NYC) location.
Our client is a privately held cybersecurity company that is involved in the detection and prevention of major cybersecurity attacks. They provide hardware and software products as well as Professional Services to investigate cybersecurity attacks, protect against malicious software, analyze IT security risks and provide cybersecurity consulting services.
The Security Incident Response (IR) Tier III will lead incident handling and perform in-depth forensic investigations, investigate alerts escalated by lower tiers, perform malware analysis, help review and enhance the current IR program, develop and lead a threat hunting program, and help build a Security Operations Center. This position will collaborate closely with members of the Information Security and Risk Management (ISRM) team to develop innovative and effective procedures for incident response operations, collaborate on incident response efforts with multiple city agencies and external partners, coordinate tabletop exercises and oversee training for lower tiers. Additionally, this individual should be able to evaluate and lead the implementation of complementary security tools, fine-tune existing tools, develop use cases, generate detailed and summary reports, perform threat hunting on a regular basis, and assess risk and provide recommendations to improve the security posture of the organization.
The Security Incident Response (Tier III) is part of the Enterprise Information Technology Services, Information Security and Risk Management team and will work at an enterprise level to ensure a consistent delivery of information security and risk management services with focus on digital forensics and incident response (DFIR). This individual will act as a subject matter expert in DFIR and serve as escalation point for lower tiers.
Duties & Responsibilities
- Develop and lead threat hunting program
- Lead and mature the current incident response program
- Conduct in-depth malware analysis, host and network forensics, log analysis, and be able to triage alerts
- Utilize Security Information and Event Management (SIEM) technologies (ArcSight preferred), host forensics tools (e.g. Autopsy, Forensic Toolkit (FTK), F-Response), Endpoint Detection & Response (EDR) tools, and network forensics tools (full packet capture solution) to perform threat hunting and investigative activity
- Attend regular team meetings and facilitate meetings between stakeholders, project leaders, and the Information Technology teams to help implement (where applicable) remediation plans in response to incidents
- Effectively investigate and identify root cause, then communicate findings to stakeholders including technical staff and leadership
- Improve security monitoring, analysis and the incident response process by recognizing APT activity and indicators of compromise (IOCs), and by ingesting additional log sources into the SIEM
- Identify, develop and build scripts, tools and security content to enhance the incident investigation process, automating where applicable
- Assist in developing and updating Standard Operating Procedures (SOPs), playbooks, the incident response plan and training documentation as needed
- Stay current with vulnerability information across all the products in the H+H environment and maintain knowledge of the threat landscape
- Keep informed on current threats and industry regulations
- Attend regular team, management, and project meetings and provide both verbal and written reports to the Leadership Team as required.
- Develop a strong working relationship within the ISRM team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements
- Be able to justify blocking requests for IOCs or additional security controls to staff within the ISRM team and other Enterprise IT teams
Minimum Qualifications
1. A Master’s degree from an accredited college or university in Healthcare, Hospital, Public or Business Administration, Industrial/Organizational Psychology, Organizational Behavior or a related discipline and three (3) years of full-time experience planning, developing and monitoring programs, systems and/or procedures in support of administrative management initiatives, one (1) year of which must have been in a responsible managerial or supervisory capacity; or
2. A Baccalaureate degree from an accredited college or university in disciplines as listed in “1” above and four (4) years of full-time experience as outlined in “1” above, two (2) years of which must have been in a responsible managerial or supervisory capacity; or
3. A satisfactory equivalent combination of education, training and/or experience.
Department Preferences
Certification(s)/NYS Licenses/Education
- A Master’s degree in information systems
- CISSP, GSEC, CEH, GCFA or other relevant security qualification
Knowledge, Skills, Abilities and other Requirements:
- Cyber Threat Intelligence and analysis
- Forensic and Malware Analysis
- Deep packet and log analysis
- Understanding of Windows and Linux forensic artifacts
- Strong knowledge of Security Information and Event Management (SIEM) technologies; ArcSight preferred
- Full understanding of Tier 1/2 responsibilities/duties and how these feed into Tier 3.
- Ability to take lead on incident research and mentor junior analysts
- Understanding of vulnerability and patch management
- Strong knowledge of vulnerability scoring systems (CVSS/CMSS) and of security frameworks and knowledge bases such as OWASP (Open Web Application Security Project) and MITRE ATT&CK
- Good understanding of Windows and Linux patching
- Excellent writing and communication skills
- Knowledge of network and operating system security
- Knowledge of encryption algorithms and of known vulnerabilities as published in alerts, advisories, errata and bulletins
- Ability to use open-source and public reconnaissance tools such as Nmap, Shodan and Metasploit to identify and confirm vulnerabilities and attack surface
- Ability to create or modify scripts in languages such as PowerShell or Python
- Must possess a high degree of integrity and trust along with the ability to work independently as well as work as part of a fast-moving team
- Strong Knowledge of infrastructure, application and security protocols in addition to configuration management techniques
- Knowledge of network security architecture concepts, including topology, protocols, components, traffic flows across the network (e.g. TCP/IP, OSI, etc.)
- Experience working with operating systems (Microsoft Windows, Linux, UNIX, etc)
Other Preferred Skills:
- Participate in special projects as needed and perform other duties as assigned
- Must be able to work at various locations when necessary and to work various shifts
- Detail oriented, organized, methodical, follow up skills with an analytical thought process
- Ability to learn new technologies
Years Of Experience
- A minimum of seven years of IT experience, with at least five years dedicated to IT/Cyber Security, including Incident Response