** Candidate must sit in one of the following states: CT, FL, ME, MA, NH, NY, RI, SC, VT **
PURPOSE/OBJECTIVE: This role is a strategic leader on the Security Operations team as an incident responder. The role plans the response to complex security threats and enhances the incident management framework. This role drives initiatives that bolster the bank’s cybersecurity defenses and fosters a culture of continuous improvement and resilience, refines IR processes, and communicates with stakeholders at all levels.
MAJOR RESPONSIBILITIES:
- Analyze data, make recommendations for remedial action and/or security network enhancements based on detailed analysis, and ensure proper communication of issues and/or recommendations to both technical and non-technical audiences. This includes remediation efforts for day-to-day reported trouble tickets from internal customers.
- Research adversarial Tactics, Techniques and Procedures (TTPs) and develop novel detection and prevention techniques across multiple environments, including network, endpoint and applications, particularly through use of the bank SIEM solution.
- Monitor events and alerts generated by firewalls, SIEMs, IDS and networking equipment.
- Methodically identify system security issues and determine root cause via a consistent, logical approach.
- Work with senior engineers and technology management to define and drive security-based process improvements.
- Create and/or maintain security documentation, including security architecture diagrams, procedures, and Bank security standards.
PROBLEM SOLVING & DECISION MAKING:
The Senior Incident Response engineer must possess strong problem-solving and decision-making abilities to efficiently navigate the intricacies of their role. The incumbent must have the ability to coordinate and make critical decisions in ambiguous and high-pressure situations. The individual must make decisions on items arising from day-to-day tasks, as well as collaborate with senior-level staff and management to make more significant decisions that have a greater organizational impact.
REQUIREMENTS:
Education and Experience:
- College degree or equivalent combination of training and experience
- 5+ years' experience in security engineering, with 3+ years working as a security engineer
- 1-2 years Azure experience
- Experience with project management methodologies and with large-scale enterprise and service provider networks
Skills/Knowledge:
Solid understanding of the following:
- Computer forensic analysis
- Firewall technology
- SIEM configuration and content development experience
- IP networking (TCP/IP and packet analysis)
- IPS/IDS system attack knowledge
- Two-factor authentication systems
- PowerShell or Python scripting language
- Knowledge of Linux and Windows system administration a plus
Additional requirements:
- Must be able to synthesize multiple data points across several business and technical domains.
- Must be analytical, well-organized, and self-directed.
- Makes recommendations to manager on decisions of a complex, multifaceted nature.
- Independently drives and coordinates solutions to complex matters.
- Proficiency in handling complex security incidents, with a deep understanding of the current cybersecurity landscape and threats.
- Organizational and planning skills, with the ability to manage multiple projects and priorities effectively.
- Ability to implement new security tools in large-scale projects.
- CISSP, GPEN, CEH a plus, in addition to other network security certifications.
- Advanced-level knowledge in designing and managing complex next-gen firewall infrastructures, including firewall, IPSEC VPN and IPS/IDS, advanced networking, acceleration and clustering technologies.
- Must have the ability to communicate information and ideas so others will understand, and must be able to exchange accurate information in these situations.
- Ability to build relationships and strong alliances is crucial.
- Strong ability to understand, accurately translate and produce technical information for a general audience.
Working Conditions:
Physical Demands:
While performing the duties of this job, the employee must be able to remain in a stationary position 50% of the time. The employee frequently is required to operate a computer and other office productivity machinery, such as a calculator, copy machine, and printer. The employee is frequently required to move about inside the office to access workstations, office machinery, and other equipment. They also occasionally travel to locations outside of the facility, to attend meetings, trainings, events, and other business activities. The employee must have near visual acuity for working on a computer, far visual acuity, and peripheral vision necessary for driving a motor vehicle. The employee must occasionally lift and/or move boxes or equipment up to 50 pounds across office for various needs.
Work Environment:
Persons holding this position are generally subject to inside environmental conditions having the lighting, temperature, and noise level of an open floor-plan office environment (moderate, but occasionally loud at times). This role routinely uses standard office equipment such as computers, phones, photocopiers, and filing cabinets. Occasionally the employee will need to move self in different positions to accomplish tasks in various environments including tight and confined spaces, e.g., under desks and server rooms. They occasionally will be required to travel to other work locations. This employee must be able to work on-call/after-hours as required.