Educational requirements: Bachelor
English requirements: Competent English
Required skilled employment experience: 1-3 years
Required residence status: Temporary visa, Permanent resident, Citizen
Remote work: not accepted
Mid-level InfoSec Engineer with experience in IT security areas including applications, systems and networks. May also have experience in audit, compliance and governance.
Responsibilities
• Monitor, investigate and respond to security incidents following the NIST SP 800-61 incident handling framework
• Create security incident reports documenting detections, findings and remediations performed
• Perform in-depth investigation to determine file, URL or email ratings from reputation services
• Perform in-depth analysis of malware samples
• Perform static and/or dynamic malware analysis on suspicious files and URLs
• Perform static and dynamic analysis of malware found during IR and be able to create a narrative of the cyber-attack chain
• Serve as escalation contact for complex malware
• Lead the reverse-engineering group analyzing the complex malware the team handles
• Hunt for known and unknown threats
• Provide detailed forensic investigation reports on security incidents documenting detections, findings and remediations performed
• Manage the virtual machines used by the team for analyzing email and file samples
• Write PowerShell and Python scripts to improve the team's efficiency in responding to threats through automation
• Contribute to setting up the company's SOAR platform
• Perform proofs of concept on the latest security technologies
• Tune security tools to improve detection and response
• Automate incident response tasks for efficiency
• Work with IT team members to identify requirements and develop processes, procedures, communication strategies and standards for information security operations
• Utilize logs and analysis tools to assist in cyber threat detection and incident response activities as required
• Provide advice and guidance to users and cross-IT functions on information security best practices
• Assist with the monthly internal anti-phishing awareness and training program
• Partner with InfoSec teams (threat intel, security engineering, pen testing) to improve the company's security policies, processes and technologies
• Train teammates in reverse-engineering malicious scripts and executable files
• Present at internal events to improve the company's cybersecurity awareness
• Demonstrate problem-solving skills that contribute to the resolution of any issues that arise; document solutions, processes or procedures and present them in writing, verbally on the phone or in person
• Recommend implementation of countermeasures or mitigating controls
• Work in a 24/7 environment
Qualifications
• College degree in computer science, data communications, electrical or computer engineering, or an equivalent combination of coursework and experience
• At least 5 years of working experience in a SOC or a cybersecurity-related role
• At least 2 years developing ServiceNow SIR playbooks and custom scripts
• Current Security+, CySA+, ECIH or CHFI certification is preferable
• Proficient in malware reverse-engineering and analysis
• Proficient in the MITRE ATT&CK framework
• Familiarity with the current threat landscape
• In-depth knowledge of security systems and the life cycle of network threats, attacks, attack vectors and methods of exploitation
• Strong understanding of key security concepts: network segmentation, access management, vulnerability and patch management, SIEM, encryption, data loss prevention, intrusion detection and prevention systems, anti-malware/antivirus, defensive threat hunting and email security
• Strong understanding of network infrastructure and protocols
• Strong knowledge of, and ability to administer, scripting languages: PowerShell, Python, Perl, PHP, Bash
• Proficient in using Microsoft Flow to automate daily SOC investigation tasks
• Understanding of diverse operating systems such as Windows and Unix-based OSes (including AIX, Linux distributions and macOS)
• Proficient in using various sandboxing, triage and malware reverse-engineering tools
• Proven ability to make important decisions independently and multitask under pressure, responding quickly to changing situations in complex environments without compromising quality