Cyber Defense Senior Specialist - SOC

Citizens, Middletown, RI 02842

Posted 2 months ago

Description

In this role you will be an individual contributor in the Cyber Defense (CD) Security Operations Center (SOC), responsible for security monitoring, intrusion analysis, incident handling, data loss prevention, privileged user monitoring, security incident management, malware detection and eradication, and recognizing attacker tactics, techniques, and procedures (TTPs) during incident response.

You will have direct or indirect responsibility for one or more of the security systems aligned with your specific function, and will be a technical authority for critical operational decisions with significant impact on the organization. That authority extends beyond the team to both technology and business line areas in security-related decisions.

This role requires you to stay current with the latest security technology, the threat landscape, and emerging threats. You will act as a domain specialist in your specific disciplines and provide management with the recommendations it needs.

The individual will be:

  • Performing ongoing monitoring and threat analysis, analyzing logs, netflow data, and packet capture

  • Identifying potential IT security incidents and escalating them to the appropriate IR senior staff

  • Assessing threat and vulnerability information from all sources (both internal and external) and promptly applying applicable mitigation techniques

  • Developing meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk

  • Using information from cyber security tools and processes, assessing potential security and business impacts while presenting recommendations to management

  • Representing Cyber Defense as needed on security-related or risk-related initiatives or working groups where technical skills and security expertise are required

  • Proactively protecting, monitoring, investigating and resolving threats to secure the user environment and company assets

  • Providing direction and guidance to more junior staff on a team of security and technical professionals

Qualifications

Experience and Skills:

  • 3 or more years of security industry experience preferably in a SOC environment

  • Experience with the following is highly desirable:

      • Security Information and Event Management (SIEM) tools (QRadar, ArcSight, etc.)

      • Intrusion Prevention Tools

      • Database Security Tools (Guardium)

      • Data Loss Prevention Tools (Symantec, Websense, etc.)

      • Firewalls (Cisco, Palo Alto, Check Point, etc.)

      • Application Security Tools

      • Vulnerability scanning and management tools

      • Cyber Security Incident Response

      • Network Intrusion Detection Systems (Sourcefire, McAfee, etc.)

      • Host Intrusion Detection Systems

      • Security Analytics (Solera, NetWitness, etc.)

  • Demonstrated spoken and written communication skills with the ability to communicate technical concepts to non-technical audiences

  • Experience adapting and demonstrating flexibility while working in a dynamic environment

Education and Certifications:

  • Bachelor's Degree or equivalent combination of experience

  • A combination of relevant industry certifications preferred (e.g. CISSP, CISM, GCIH, GCIA, CEH, GCED, CISA)

Hours & Work Schedule

Hours per Week: 40

Work Schedule: Monday through Friday 8:30AM - 5:00PM


Why Work for Us

At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth.

Equal Employment Opportunity

It is the policy of Citizens to provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to race, color, ethnicity, religion, gender, pregnancy/childbirth, colleague or a dependent's reproductive health decision making, age, national origin, sexual orientation, gender identity or expression, disability or perceived disability, genetic information, genetic characteristic, citizenship, veteran or military status, marital or domestic partner status, family status/parenthood, victim of domestic violence, or any other category protected by federal, state and/or local laws.

Equal Employment and Opportunity Employer/Disabled/Veteran

Citizens is a brand name of Citizens Bank, N.A. and each of its respective affiliates.


Similar Jobs

Cyber Defense Senior Content Engineer

Citizens

Posted 5 months ago

Description

The Cyber Defense Senior Content Engineer is a senior individual contributor responsible for developing, maintaining, troubleshooting, tuning and documenting the security tool content and rules used to detect cyber attacks, intrusions, and data loss incidents. The individual will possess a deep understanding of security use cases and the ability to apply them to event data in support of the Security Operations Center's (SOC) monitoring and response efforts. The Senior Content Engineer will work across multiple technology platforms and interface with other groups at the bank within Corporate Security & Resilience, Technology Services, and the business lines.

Primary responsibilities include:

  • Developing content for SIEM and other SOC tools to implement use cases and transform them into correlation queries, templates, rules, and alerts across multiple cloud environments and on-premises technologies

  • Creating technical documentation for the content deployed

  • Monitoring the health and performance of the security tools after deploying and tuning content

  • Integrating cyber threat intelligence into defensive systems

  • Developing reports, dashboards, workflows and metrics to meet the requirements of stakeholders

  • Collaborating on SIEM functional requirements such as logging, event collection, normalization, correlation, reporting and customization

  • Supporting the Security Engineering team with SOC-related technical issues and incidents

  • Supporting content creation and tuning efforts 24x7 as needed

Qualifications

Required Skills/Experience:

  • Excellent understanding of Cybersecurity Operations and Incident Response processes

  • Knowledge of Security Information and Event Management (SIEM) technologies (Splunk, QRadar, etc.)

  • Advanced knowledge of content creation and tuning concepts and best practices

  • Experience working with cloud computing platforms such as Amazon Web Services, Azure, and Office 365

  • Solid understanding of events, the related fields in log records, and the alerts reported by data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies

  • Solid understanding of various operating systems (Windows, Unix, Linux, AIX, etc.)

  • Strong ability to develop regular expressions

  • Ability to automate tasks using a preferred language (e.g. Python)

  • Excellent oral and written communication skills

  • Strong analytical skills

  • Self-motivation with the ability to work under minimal supervision

Preferred Skills/Experience:

  • 5 years of proven hands-on experience with SIEM concepts such as correlation, aggregation, normalization, and parsing, preferably in Splunk

  • Experience with SOC technologies such as IDS/IPS, UTM firewalls, EDR, anti-virus, network-based threat detection, and netflow

  • Strong understanding of enterprise logging standards

  • Strong understanding of security tools related to Data Loss Prevention and Privileged User Monitoring

  • Understanding of cyber kill chains and campaign strategies

  • Ability to interact with common APIs

  • Proven successful working relationships with teams outside of Cybersecurity

Education, Certifications and/or Other Professional Credentials:

  • Bachelor's Degree (Security / IT related) or equivalent combination of experience

  • A combination of relevant industry certifications including, but not limited to, CISSP, GREM, GCIH, GCIA, CEH, GCED, CISA

Hours and Work Schedule

Hours per Week: 40

Work Schedule: Monday through Friday 8:30AM - 5:00PM

This position is not available in Colorado.

Location: Citizens, Middletown, RI
