Cyber Platform

Description and Requirements
Position Summary
As an experienced Cyber Security professional, candidate will establish, maintain and continually refine baseline standards that protect our organization and customers. Candiate will take proactive lead on incident response, risk reviews, vulnerability assessments, identifying threats and provide hands-on solutions using best practices, new policies, and emerging trends. The position requires experience with CyberSecurity related tools, full-stack hand-on programming abilities, deep knowledge of data structures and fundamental algorithms, data analytics and ability to analyze, design and develop new solutions and approaches quickly. Ability to evangelize, envision new proof of concepts, implementation, integration and coordination as well as familiarity with SCRUM are considered plus.

• Assess the capacity of the existing collectors, build new collectors and load balancing to expand the logging capacity.
• Manage SIEM data source onboarding using DevOps and Agile approaches.
• Collaborate with operational teams for logging agent deployment and maintain the wrapper scripts.
• Troubleshoot data source connection issues and parse event logs.
• Monitor system performance, the health of data sources and collectors to ensure continuous logging of the data sources.
• Implement SIEM rules for security detection and regulatory compliance.
• Create reports and provide actionable metrics to management.
• Provide audit support for the SIEM platforms.

Knowledge, Skills and Abilities
Education

• Bachelor's degree in computer science, information systems or related field.

Experience

• 12+ years of total experience with 8+ years of related experience in Cyber Security, Incident Response, Information Security and/or Information Technology.
• 6+ Experience in Security Information and Event Management (SIEM).
• Experience in Security Orchestration, Automation, and Response (SOAR) solutions, and endpoint security solutions.
• Strong communication skills, both written and verbal.

Knowledge and skills (general and technical)

• Strong Python/ PowerShell/ C#, .NET / API development experience.
• Advanced troubleshooting skills (eg: wireshark, host forensics, log analysis and debugging).
• Strong understanding of general incident response methodologies, threats and vulnerabilities, cyber security practices, and security tool architectural and engineering principles.
• Understanding of national and international laws, regulations, policies and ethics related to cybersecurity.

Other Requirements (licenses, certifications, specialized training - if required)
Working Relationships
Internal Contacts
(and purpose of relationship):

• All Internal GOSC Stake Holders

External Contacts
(and purpose of relationship) - If Applicable

• Stateside Client/ Engineers from different regional Security teams (Such as Country/Regional Head for Monitoring/Containment)

#BI-Hybrid