Job Description
SUMMARY: As a member of the Cyber Threat Unit, this position is responsible for the proactive assessment and analysis of cyber risk, understanding threats as they relate to the organization, responding to cyber incidents, and implementing measures to prevent or combat existing and potential threats. ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties and special projects may be assigned.
- Monitor and analyze network traffic, Intrusion Detection/Prevention Systems (IDS/IPS), Data Loss Prevention (DLP) events, security events and logs.
- Perform secondary reviews and maintain Data Loss Prevention (DLP) systems and policies.
- Understand a variety of security and compliance policies and incident response processes.
- Review daily reports and files to ensure compliance to policies and standards.
- Escalate non-compliance issues to the appropriate group and follow-up on remediation actions
- Work with internal customers to respond to escalations.
- Prioritize and differentiate between potential intrusion attempts and false alarms.
- Determine if security events monitored should be escalated to incidents and follow all applicable incident response and reporting processes and procedures.
- Create and track security investigations to resolution.
- Open and assign tickets to the correct resolver, and validate/close tickets related to false positives.
- Provide investigation, triage, and mitigation of detected security events.
- Compose security alert notifications and other communications.
- Advise incident responders in the steps to take to investigate and resolve computer security incidents.
- Stay up to date with current vulnerabilities, attacks, and countermeasures.
- Work closely with the SNOC 24x7 operations team, network and system administrators, other appropriate IT/IS groups and business lines to provide incident response (IR) support and determine the risk of a given event.
- Implement and monitor controls necessary to ensure processes are performed and are effective to protect the environment from all forms of malicious cyber activity.
- Conduct Digital Forensics and Incident Response (DFIR) analysis of suspected compromised systems.
- Assist in establishing procedures for handling each security event detected.
- Keep abreast of emerging technology and public policy trends in the information security space.
- Assist in the gathering and analysis of the current and future threat landscape, and assist the SNOC Manager in providing leadership with a realistic overview of risks and threats in and to the organization.
- Maintain knowledge of the current security threat level by monitoring related threat intelligence sources as necessary.
- Utilize intelligence provided by the Threat Intelligence team from past or current events to improve detection, update monitoring and possibly facilitate prevention of successful cyber attacks.
- Provide advice on IT initiatives, IT business projects, and IT engineering in regards to security industry best practices.
- Adheres to and complies with applicable, federal and state laws, regulations and guidance, including those related to anti-money laundering (i.e. Bank Secrecy Act, US PATRIOT Act, etc.).
- Adheres to Bank policies and procedures and completes required training.
- Identifies and reports suspicious activity.
EDUCATION Bachelor's Degree in Computer Science, Information Assurance, Cyber Security or related field or equivalent combination of work with certifications is required
Experience - An understanding of network and host based DLP technologies, processes, policies and procedures
- Basic understanding of regulatory compliance initiatives related to Sarbanes Oxley (SOX), and the Gramm-Leach-Bliley Act (GLBA)
- Experience in cloud security, or cloud administration
- Experience with cloud security tools and technologies, such as AWS Security Hub, Azure Security Center, GCP Security Command Center, etc.
- Experience with scripting languages
- Familiarization of cyber and cloud security standards, frameworks, and guidelines such as NIST, PCI-DSS, MITRE, OWASP, etc.
- Ability to organize and analyze large amounts of data and report findings
- Firm grasp of the design and implementation of effective IS controls
- Proficiency with a Security Incident handling tool (ie SIEM, ESEM)
- Experience with Security orchestration Automation Response (SOAR)
- Working knowledge of monitoring tools
- Familiar with Active Directory, group policies and role based concepts
- Possess a working knowledge of TCP/IP and the functions of Network technologies
- Possess a working understanding of Network security devices, IPSec VPNs, TCP/IP, Routing, Switching, VRF, VLANS, Bandwidth Utilization, and Load Balancers
- Cyber security analysis, incident response, or related security experience
- Strong analytical and problem solving skills
- Good interpersonal, organizational, writing and communications skills
- Ability to work well in a team environment as a whole
- Ability to perform multiple projects simultaneously
CERTIFICATES, LICENSES, REGISTRATIONS - CISSP Certified Information Systems Security Professional
- CEH Certified Ethical Hacker
- SANS/GIAC Training or certifications
- SSCP Systems Security Certified Professional
- Cloud Certifications (e.g. AWS)
- Security+
- Certificate in Cyber Security
Knowledge, Skills And Abilities - Firm understanding of penetration testing and vulnerability assessments.
- A strong networking background.
- Demonstrated understanding of TCP/IP networking.
- Cyber security analysis, incident response, or related security experience preferred.
- Strong analytical and problem solving skills.
- Good interpersonal, organizational, writing and communications skills.
- Ability to work well in a team environment as a whole.
- Self-motivator
- Working knowledge with various technologies including forensic tools, network monitoring tools, host security prevention tools, etc.
Job Tags