Jo1595

Location: Remote (Work@Home)

Schedule: 6am – 6pm CST (40 hours per week within this daily time range) + On-call rotation approx. every 6 weeks

Duration: Full-Time

Company Background:

Our client is a global leader providing online education, assessment, remediation, certification, and e-learning solutions for the post-secondary academic market specifically serving the nursing, allied health, sports medicine, public safety, and the financial services industries. The company employs more than 900 employees in 35 states. Our client portfolio companies consist of Jones and Bartlett Learning, ATI Nursing Education, the National Healthcare Association, ExamFX, the National Academy of Sports Medicine, Boston Reed, Advanced Informatics, and ClickSafety. 

We are looking for a confident person, should not get nervous easily. This is a very critical and technical role; we expect this person to walk in the door and be able to respond to security alerts and investigate events, attacks, and activity.  

Required skills:

• Extensive experience with all phases of incident response. Five (5) years+ experience performing complex incident investigations including triage, containment, eradication, evidence collection, after-action reporting, and documentation.
• Five (5) years+ experience performing in-depth analysis of security logs and telemetry from a diverse range of sources, including endpoint, network, cloud, and e-commerce systems to identify and contain Security Incidents.
• Strong experience & skills performing incident triage and investigating attacks, malware, and suspicious activity at a process, command, and code-level.
• Mastery of Network (TCP/IP), Linux, or Windows OS server infrastructure 
• Technology experience 10+ years, 6+ years of information security
• Excellent English communication skills (written, verbal, and comprehension)
• Ability to work in an on-call rotation that covers a one week time period after normal business hours and on weekends. This requires after hours work and being logged in and online within 15 min for emergency page outs.
• Confident, energetic, driver, leader mentality
• Extremely detail-oriented
• Passionate about information security
• Good Judgement
• Proactivity
• Advanced problem solver

Experience:

• Cybersecurity expertise in incident response, monitoring and responding to security events and incidents using established processes, creating processes and procedures where none are already established.
• Experience with artifact identification outside of cybersecurity tools such as log analysis, malware detonation, and endpoint memory analysis.
• Mastery of one or more of the following: SIEM, Firewalls, IDS/IPS, EDR, Proxy, AV, DLP, EuBA, Malware sandboxing and reverse engineering, or Cloud Security.
• Familiarity with common and emerging cyber-attack techniques, TTPs, and IOCs.
• Working in a SOC or providing incident support for a security team
• Leading multi-team incident investigations (must be comfortable in a facilitation role)
• Experience identifying and mitigating web application attacks, C2 beaconing, and/or DPL/Data Exfil.
• Log/protocol analysis, writing RegEx, and experience efficiently analyzing and sifting through thousands of logs to quickly pinpoint/identify suspicious activity.
• Experience with searches in a SIEM (like QRadar or Splunk) and/or an EDR (like Carbon Black, CrowdStrike Falcon).
• Threat hunting in core security tools

Tool Experience:

• SIEM (QRadar, Splunk, LogRhythm, etc.)
• QRadar and/or CrowdStrike Raptor query languages
• Packet/Protocol Analyzers (Wireshark, Fiddler, NetWitness Investigator, NetFlow Analyzer, etc.)
• Memory Analysis Tools (Memoryze, FTK Imager, DumpIt, WinPmem, etc.)
• Regex