Cyber Security Specialist

***Must have OSCP certification and able to work early morning at least 6:00 AM EST

This is a technical position where the candidate will manage, provide technical support, implement, maintain and troubleshoot all security products used by the Firm. The candidate must have significant hands-on experience with security technologies and solutions. The candidate will also perform daily investigation of security incidents, security assessments and audits.

The job duties include:

• Manage firewalls, Anti-Virus, Web Filtering Solutions, DLP, IPS/IDS, NAC, DDOS protection, third-party remote access, application white listing solutions, endpoint detection and response solutions.
• Manage Security Incident and Event Management systems (SIEM).
• Manager and investigate all security events until resolution.
• Manage privilege account management systems.
• Conduct technical security audits and perform risk assessments.
• Conduct firewall, network and systems configuration change and audits.
• Perform vulnerability scans on networks, servers, systems and applications.
• Create weekly security reports including keeping track of information security metrics.
• Work with consultants and third party vendors as it relates to security services they provide.
• Participate in project reviews of information security architectures associated with each initiative.
• Conduct malware analysis and research for new exploit techniques used by cyber criminals.
• Conduct proactive threat hunting.
• Research and test new security technologies.
• Manage and maintain a good relationship with third party security vendors that support the firm.
• Maintain and create new process to ensure the Firm s security posture meets clients security requirements.
• Participate as part of member of Cyber Incident Response team.

BACKGROUND:

• 5-7+ Years experience in IT Security
• Bachelor Degree in Computer Science or Information Systems or significant work experience
• Must have prior experience with actual incident response, investigations and forensics analysis.
• Must have the following certifications: GIAC GSEC, PCNSE, OSCP

QUALITIES:

• Extensive knowledge of security best practices in regard to computer systems, networks, telecommunication and all associated hardware.
• Very strong analytical approach to problem-solving and solution development.
• Must be passionate about security and strive to ensure the Firm is protected against evolving cyber threats.
• Must be a professional with customer satisfaction-oriented mindset, creative and be able to balance security with business objectives.
• Must be able to work well in teams.
• Must be able to think outside of the box and go beyond traditional security.
• Must be able to work with Director of Information Security in providing accurate and timely information and closely follow his direction.
• Ability to manage multiple projects and support functions.
• Ability to work in a fast paced and dynamic environment.
• Ability to travel when necessary.
• Must be available to report for work on regularly scheduled days and off hours when required.
• Must be available to take emergency off-hour calls during security incidents.
• Strong analytical, communication and interpersonal skills.
• Must be able to quickly identify root causes specially during security incident investigation.
• Must be able to create accurate and detailed project plans and complete them in timely manner.
• Excellent documentation skills and capable of creating comprehensive security documents such as standard operating procedures, guidelines and architecture diagrams.
• Able to fully perform the job function with minimum supervision.

Must have hands-on experience with following technologies:

• Cisco network devices
• In-depth experience with Palo Alto firewalls with all the features available in the product
• Experience with password safes (CyberArk or Beyond Trust)
• Micro segmentation technology Illumio or others
• SIEM products such as Microsoft Sentinel or others
• IDS & IPS (Vectra AI, Snort, Suricata, AlienVault, or others)
• Endpoint security products CB Application Control, Microsoft Defender and Defender ATP.
• Vulnerability scans and penetration test using Nessus, Tenable, Rapid7 Nexpose, Cobalt Strike or others..
• Open source security tools (Kali Linux, Metasploit, Nmap, PowerShell Empire, Kerberoast, TrustedSec SET and others) and network traffic analysis
• Vulnerability management with Tenable IO, Rapid7 Nexpose, Qualys or others
• Experience with Windows operating systems, Active Directory, DNS, DHCP, Microsoft SQL
• Experience with Linux operating systems (Ubuntu, CentOS RedHat)
• Experience with Windows Servers and Workstations Security
• Experience with scripts (Python, VB, Powershell and others)
• Experience with Privilege Account Management Solution (CyberArk, BeyondTrust or others)
• Microsoft M365 E5 security products and Microsoft Azure

Experience with following technologies are a plus:

• Windows Security (Credentials Guard, Application Guard and others)
• Authentic8 Silo and other isolating browsers
• E-mail protection solutions such as Mimecast, Proofpoint, Exchange Online and others
• DLP products Exchange Online DLP, Microsoft Endpoint DLP, Microsoft Azure Information Protection
• Third-party vendor remote access solution Securelink, BeyondTrust or others
• Forensics analysis using Guidance Encase platform or open source tools
• Cloudflare
• Deception Technology
• Forescout
• Vectra AI

Candidates with work experience in financial institutions, government or highly regulated industries are preferred.