Cyber Security/Threat Management/SOC

1 Vacancy
The job posting is outdated and position may be filled
Job Location

others - USA

Monthly Salary

Not Disclosed

Job Description

Req ID: 1752846

Hybrid Role for Mid-level Cyber Security / Threat Management/SOC (7/9 Total IT Exp)

(At least 2/3 days in the office)

TASKS & SCOPE OF WORK:

Serve as the escalation point for high-profile cybersecurity incidents

Engage in malware analysis, digital forensics, and campaign assessments, and harmonize response activities in the JSOC among OTI, City departments, and state, federal, and private partners

Work with cyber intelligence teams to identify new cyber threats and campaigns and proactively deploy countermeasures

Prioritize incident response activities and coordinate response efforts among City departments and external partners

Investigate cybersecurity incidents through log, file, and malware analysis

Perform memory, network, and host forensics

Devise appropriate remediation strategies and assist affected City agencies in containing, eradicating, and recovering from cybersecurity incidents

Develop post-incident action plans to improve Mean Time to Detect and Mean Time to Respond

Maintain knowledge of current cyber threat campaigns and tradecraft

Conduct proactive threat hunting to identify, counter, and recover from advanced adversaries

Design, build and enhance cyber-incident detection tools and capabilities

Participate in on-call rotation

MANDATORY SKILLS/EXPERIENCE:

Minimum 4 years of experience in a Threat Management/SOC/Incident Response environment, performing security event and incident detection and handling in an operational environment

DESIRABLE SKILLS/EXPERIENCE:

Previous experience working as a part of an IT Security team

Formal education or a strong background in Computer Science, Computer Engineering or similar experience

Incident response experience responding to advanced adversaries

Active knowledge of current trends in computer security and software/hardware vulnerabilities

Active interest in current security research

Ability to work as part of a CERT which may require rotational weekday/weekend on-call coverage

Strong sense of teamwork, an inquisitive mind, and the desire to share knowledge

Ability to understand and implement technical vulnerability corrections

Experience in web application security assessment and/or penetration testing

Experience with hybrid cloud environments

Experience conducting static and dynamic malware analysis

Experience with automation, scripting (Python, PowerShell, etc.)

Understanding of intrusion analysis

Knowledge of multiple operating systems internals (Windows, Linux, OS X)

Host and network forensics

At least one of the following industry certifications:

- SANS GIAC: GCIA, GCIH, GCFA, GCFE, GNFA, GREM, GPEN, GWAPT, GXPN, GDAT

- Offensive Security: OSCP

Employment Type

Full Time

About Company

100 employees