Job Details

Job Purpose

This is a customer facing position with the mission of managing technical security controls and effectively managing and communicating vulnerabilities, exploits, and incidents to appropriate operations teams while tracking metrics in order to assist the customer in managing risk. Recommending new controls and evaluating new technologies to reduce or mitigate risk. This position is seen as an SME role with a high level of technical ownership.

Essential Functions

• Perform security assessments or review of both inter-company and external customers' enterprise environment. While working with customer technical and executive staff, review the state of various technical and organizational controls processes, and policies.
• Perform gap analysis, comparing state to widely accepted best practices from vendors, regulatory and compliance bodies, and the security community at large. Document these gaps, along with sensible and relevant recommendations, in findings reports that satisfy the needs of both a technical and non-technical audience.
• Perform vulnerability scans and penetration tests of customer environments and controls. Using expertise in operation of commercial and open‑source assessment tools, identify configuration flaws, missing patches, and gaps in defenses that could be exploited by attackers. Assessment types will include social engineering and phishing, wireless, mobile device, and physical security, and web application penetration tests.
• Assist internal staff with security needs. Provide recommendations for security architecture, processes and technologies. Write technical policy, processes, procedures, standards and other documentation. Perform security research, furthering individual and team understanding of the threat landscape, as well as cutting‑edge security technologies.
• Attend security conferences and participate in local security community events. Evaluate products and tools that can improve the security services team's offerings, and provide value to customers.
• Leadership role in cultivating and maintaining relationship with internal and external customers, vendors and partners.
• Act as technical SME and work all technical escalations from the global security operations team including outages and incidents. Lead technical troubleshooting or incident handling events/calls on behalf of the client's security operations team and with the Network, Compute, and Client Operations Teams, internal and external information providers, and others as appropriate.
• Lead all aspects of planning, documentation, and process development of client's global security operations; drive development of technical procedures and guidelines for implementation and management of security services and ensure compliance with requirements.
• Lead technical project efforts for the client's security operations team.
• Participate in expansion of new opportunities with existing customers as they expand their global security operations requirements.
• Provide insight and demonstrated technical leadership to the global security operations marketplace.
• Must be available 24x7 for emergencies and call outs.

Education

• Four years of college resulting in a bachelor's degree or equivalent.

Certifications, Accreditations, Licenses

• One or more of the following certifications dependent on actual role: Advanced GIAC/SANS certifications – GCIH, GCIA, GCFE, GCFA, GREM, GIAC, GSEC, GWAPT, or Offensive Security – OSCP, OSWP, OSWE; ISACA – CISM, CISA, ISC‑Squared; CISSP; CompTIA Security+.

Experience

• 7 to 10 years in related field.
• Experience in senior‑level roles such as IT security architect, IT security engineer, IT security auditor, cyber‑security analyst, cyber‑intelligence analyst.
• Must be able to obtain additional federal security clearances.

Special Knowledge, Skills and Abilities

• Ability to conduct technical training and instruction.
• Experience with public speaking and ability to present on technical topics.
• Enterprise IT security architecture experience across networking, systems, applications, and cloud computing environments.
• Strong demonstrated skills in multiple enterprise‑level OS environments including Microsoft Windows, Linux, and Unix. Strong understanding of network communications (TCP/IP, Ethernet, WAN/LAN technologies).
• Exceptional research and analysis experience.
• Risk assessment experience and auditing experience.
• Direct CIRT experience with a targeted (APT) and crimeware threat program (dependent on position).
• Knowledge of information security threat types, their composition, and IOCs. Dynamic malware analysis experience.
• Knowledge of attacker tactics, techniques, and procedures (TTPs) used by APT, cyber‑crime and other associated threat groups.
• Experience analyzing common types of attacks, cyber‑crime, APT, etc.
• Experience with Splunk or similar log analysis tools and reviewing security events.
• Knowledge of intrusion analysis, network and host forensics. Scripting experience (Python, Perl, Ruby) is a plus.
• Working knowledge and experience with standard security solutions and architectures.
• Working knowledge of application architectures, web architectures, databases, and network architectures.
• Experience securing Windows NT, Windows 2000, Windows XP environments, Unix, and Linux.
• Experience securing J2EE application (Weblogic, JBOSS) and web server (SunOne, Apache) platforms.
• Familiarity with accepted security standards – ISO 27001, NIST 800‑53, SANS Consensus Audit Guidelines – as well as regulatory compliance regulations – PCI‑DSS, Sarbanes‑Oxley, HIPAA/HITECH, FFIEC, FISMA, FERC/NERC, and trade‑control regulations for DoS (State Department), DoC (Commerce Department) and DoE/NRC (Energy Department, Nuclear Regulatory Commission).
• Experience in secure network configurations.
• Solid communication skills (leading, influencing experience), verbal and written, including documentation (design and training) and coaching of other developers as they migrate to portal frameworks.
• Experience securing relational databases (e.g., Oracle).
• Experience with security testing and auditing tools such as WebInspect, Qualys/ISS scanners, and nmap.

Supervisory Responsibility

This position does not have employee direct reports but serves as a lead role for others doing similar work.

Salary Range

$100,000 – $150,000 per year.