Senior Consultant - Security Operations

Date:  May 4, 2024
Location: Hyderabad, IN

Requisition ID:  5687
Description: 

Responsibilities:

• Define, identify, and classify information assets, assess threats and vulnerabilities regarding those assets, and recommend appropriate information security controls and measures.

• Detect, analyze, respond to, and lead security incidents, including attempted and realized application and network breaches. Incident response should include host- and network-based log analysis, correlation of network indicators, PCAP data, incident timeline generation, and root cause analysis, among other data sources.

• Correlate event data from IDS systems, firewalls, secure web gateways, SIEM, and other security systems to identify potential threats.

• Create and modify Kusto Queries (KQL functions) for Azure Sentinel analysis and investigations.

• Research and identify key indicators of compromise (IOC) on the network, servers, and end user workstations.

• Investigate and analyze causes, patterns, and trends that can pose a risk to data integrity and information systems.

• Investigate security breaches and create actionable plans to address risks.

• Prepare detailed written analyses of incidents with remediation and prevention documentation.

• Provide briefing of findings to both technical and non-technical senior management audiences and business stakeholders.

• Maintain current knowledge on a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.

• Stay current with security news, attacks, threats, vulnerabilities, and technologies, and implement new defenses against the evolving threat landscape.

• Adhere to ethical standards and comply with the laws and regulations applicable to the job function.


Education, Certifications, or Special Licenses:

• A bachelor's degree in Computer Science, Computer Engineering, or an equivalent combination of education and experience from which comparable knowledge and abilities can be acquired.

• GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Network Forensic Analyst (GNFA), AWS Certified Security – Specialty, or other industry-relevant certifications (cloud-focused).

Relevant Years of Experience Required:

• Minimum of 3 years of progressively responsible experience in an Information Security and/or Cyber Operations environment for a mid- to large-sized organization, with familiarity with industry-standard security solutions.

• Minimum of 3 years' experience with Perl, Python, or another scripting language in an incident handling environment.

• Cloud Security experience required.

• Experience with core AWS services such as EC2, VPCs, S3, SNS, Lambda, CloudWatch, and CloudTrail, and AWS security consoles such as GuardDuty, Macie, etc. is a plus.


Other Requirements:

• Strong hands-on cyber security skills, experience, and demonstrated competency pertaining to cyber threats, information security, monitoring, detection, and responding to security incidents.

• Strong knowledge and understanding of incident response phases (detection, triage, incident analysis, remediation, and reporting), threats, vulnerabilities, and exploits.

• Proven experience designing, implementing, and managing innovative solutions to complex security and infrastructure environments.

• In-depth understanding of operating systems, network/system architecture, protocols, enterprise services, and enterprise architecture design.

• Ability to analyze different data types from various sources and draw conclusions regarding past and potential current security incidents.

• Experience and/or knowledge of Security Information and Event Management (SIEM) systems.

• Capability to quickly script and parse data.

• Ability to work independently, self-motivate and work within a team environment.

• Strong critical thinking, analytical, and technical problem-solving skills.

• Excellent verbal and written communication skills.