- Viewed as an expert in a specific aspect of information security.
- Undertakes complex projects requiring additional specialized technical knowledge.
- Makes well-thought-out decisions on complex or ambiguous information security issues.
- Provides architectural oversight and direction for enterprise-wide security technology.
- Ensures high-level integration of application development with information security policies and strategies.
- Stays up-to-date on the direction of emerging industry standards.
- Identifies, evaluates, conducts, schedules and leads technical analysis functions to ensure all applicable IS security requirements are met.
- Provides technical analysis of requirements necessary for the protection of all information processed, stored, or transmitted by systems.
- Acts as a resource for direction, training and guidance for less experienced staff.
- Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation
- Strong understanding of networking protocols and infrastructure designs, including routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing and related network technologies
- Good communication skills, analytical ability, strong judgment and the ability to work effectively with clients and IT management and staff
- Perform threat containment through use of threat management tools and infrastructure security controls
- Experience with log analysis, traffic flow analysis and associated infrastructure and systems that aid in the identification of malware or other malicious behavior
- Ability to participate in customer and partner facing meetings and projects, including those that involve technical topics or technical service delivery
- Support Incident Response projects to assist in deployment, tuning and configuration of new technology
- Broad technical background with strong understanding of network architectures and communications, operating systems (e.g. Microsoft and Linux), web platforms, and databases in order to respond to incidents and determine incident root causes
- Demonstrated ability to work in a team environment
- Analyze and review cases through to closure, including investigating cyber security incidents, recommending appropriate corrective actions, and communicating with the implementation staff responsible for carrying out those actions
- Knowledge of, and experience with, TCP/IP protocol and an understanding of packet analysis tools such as tcpdump
- Monitor security systems and events to detect and investigate threats, identify and analyze traffic trends, and assess the impact of security alerts and traffic anomalies on our client’s network in order to make appropriate recommendations
- Provide supporting evidence and tactical responses resulting from technical analysis and direction of forensic investigations
- Working knowledge of common cyber security incident types such as denial of service attacks, malicious software infections, active intrusion techniques, and inappropriate use scenarios
- Provide research, analysis, and response for alerts; including log retrieval and documentation
- Experience utilizing a broad array of security tools including Security Information and Event Management (SIEM) systems, intrusion detection systems, web proxy systems, routers, switches, firewall deployments and other tools used to assess network security
- Conduct analysis of network traffic and host activity across a wide array of technologies and platforms
- Knowledge of various tools and techniques used to analyze traffic for malicious activity and perform packet analysis
- Must be able to work well under pressure while maintaining a professional image and approach
- Develop and maintain standard operating procedures to reflect day-to-day security operations
- Work with stakeholders during incidents to mitigate the incident and improve the security posture so as to reduce the likelihood of recurrence
- Familiar with log and event correlation tools (e.g., Splunk) and able to perform queries and reviews of alert information to determine possible security incidents
- Understanding of various forensic tools such as EnCase or FTK
- Bachelor’s degree in information technology, cyber security, intelligence analysis or related field or 2+ years of combined technical and cyber security experience OR 6 years of cyber security focused or related IT experience.
- Industry-recognized certifications in cyber security such as GCIA, GCIH or CISSP are a plus.
- Scripting ability in Python or Perl and an understanding of command-line tools such as grep and tcpdump are preferred.
If interested, please email resume to firstname.lastname@example.org
Apex is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-463-6178