Cyber Security Engineer
2415 Cascade Pointe Boulevard Charlotte, North Carolina 28208 | Direct Hire
Position Title: Senior Cyber Security Engineer
The Senior Cyber Security Engineer is responsible for the technical implementation of security controls (firewalls, IPS, proxy servers), threat management, vulnerability management, protection controls, forensic investigation, security event monitoring and incident detection.
The candidate must be a self-starter capable of multitasking and managing their time efficiently in a dynamic environment with demanding deadlines, while requiring minimal supervision. Additionally, the candidate must possess excellent writing, speaking, analytical, project management, organizational, collaboration and customer service skills that will help them identify solutions to complex security problems. This position reports to the Manager of Cyber Security Engineering & Operations.
Responsibilities include, but are not limited to, threat management, vulnerability management, incident response, insider threat, perimeter security, logging, anti-phishing, white-hat ethical hacking (red team and blue team exercises) and forensic investigation. This position will serve as a technical escalation point for other engineers.
- Conduct network, endpoint and log analysis on a regular basis using various consoles (e.g. SIEM such as QRadar, Splunk or SolarWinds; IDS, IPS, firewall, etc.) to analyze and triage cyber security events, and perform continuous threat hunting across the environment.
- Strong networking background with hands-on experience in the continued enhancement of network security devices for micro-segmentation and enterprise application protection.
- Strong background in evaluating, creating and deploying global-scale protection solutions, with tailoring and adaptation plans that reduce risk and gain internal support and acceptance.
- Be able to reconstruct cyber events, assess cyber threat and scope of impact, identify and track any internal lateral or external movement, and develop response solutions.
- Research and track new exploits and cyber threats, lead containment of threats and remediation of the environment during or after an incident.
- Lead cursory and/or in-depth insider threat analysis (i.e. packet captures, endpoint behaviors, etc.), or collaborate with peers when appropriate for hand-offs/escalations.
- Conduct analysis of malicious code and weaponized documents through behavioral analysis or reverse engineering.
- Enhance detections, alerts and other cyber event correlation rules to reduce false positives.
- Oversee execution of established operational processes and procedures by SOC analysts to analyze, escalate, and lead remediation of security incidents.
- Ability to analyze current technology capabilities and develop/produce/deliver technical enhancement plans with consideration of integration capability in a global setting.
- The successful candidate must also serve in a digital forensics capacity. This includes creating a forensically sound duplicate of evidence (i.e., a forensic image) that ensures the original evidence is not unintentionally modified, for use in data recovery and analysis processes.
- Bachelor's Degree (BS) in Cybersecurity, Information Security, Computer Science or Information Assurance; equivalent experience will be considered.
- Cisco Certified Internetwork Expert (CCIE) Security or equivalent experience required
- Juniper Networks Certified Expert Security (JNCIE-SEC) or equivalent experience
- Palo Alto Networks Certified Network Security Engineer (PCNSE) or equivalent experience
- Other Certifications: GIAC Certifications (GCIA, GCIH, GMON, GPPA or GCED), EC-Council (CEH, ECSA, CHFI) or equivalent experience
- Should have in-depth experience with firewall engineering concepts (e.g. Cisco, Palo Alto), security forensics and incident response.
- Intermediate knowledge of cyber defense mitigation techniques and vulnerability assessment tools, including open source tools, and their capabilities.
- Intermediate knowledge of cryptography and cryptographic key management concepts, and of penetration testing principles, tools and techniques (e.g., Metasploit, Neosploit).
- Intermediate knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and other injection attacks, race conditions, covert channels, replay, return-oriented attacks, malicious code).
- Intermediate knowledge of system administration, network, and operating system hardening techniques.
- Intermediate skill in using incident handling methodologies.
- Strong organizational and interpersonal skills needed to work effectively with a wide variety of internal and external resources.
- Strong decision-making skills and ability to work under pressure.