Jo1614

Location: Remote (Work@Home)

Schedule: 6am – 6pm CST (40 hrs a week within this range of hours).

Duration: Full-Time

Company Background:

Our client is a global leader providing online education, assessment, remediation, certification, and e-learning solutions for the post-secondary academic market specifically serving the nursing, allied health, sports medicine, public safety, and the financial services industries. The company employs more than 900 employees in 35 states. Our client portfolio companies consist of Jones and Bartlett Learning, ATI Nursing Education, the National Healthcare Association, ExamFX, the National Academy of Sports Medicine, Boston Reed, Advanced Informatics, and ClickSafety.

We are looking for a confident person, should not get nervous easily. This is a very critical and technical role; we expect this person to walk in the door and be able to own the management of the ZScaler tool and investigate events, attacks, and activity.

Required Skills:

• ZScaler tool expert, not just admin.  2 years+, experience performing in-depth activity investigations, searches & queries, in-depth understanding of ZScaler logs, and logging field format strings.
• Experience managing an enterprise Zscaler ZIA deployment and policy customization, in-depth understanding of PAC file and/or WPAD, and experience troubleshooting connectivity and performance issues.
• Strong experience & skills performing incident triage and investigating attacks, malware, and suspicious activity at a process, command, and code-level.
• Strong regex experience
• Strong Windows OS server infrastructure knowledge
• Technology experience 10+ years, 6+ years of information security
• Excellent English communication skills (written, verbal, and comprehension)
• Confident, energetic, driver, leader mentality
• Extremely detail-oriented
• Passionate about information security
• Good Judgement
• Proactivity
• Advanced problem solver

Experience:

• Working in a SOC or providing incident support for a security team
• Leading multi-team incident investigations
• Experience identifying and mitigating web application attacks, C2 beaconing, and/or DPL/Data Exfil.
• Log/protocol analysis, writing RegEx, and experience efficiently analyzing and sifting through thousands of logs to quickly pinpoint/identify suspicious activity.
• Experience with searches in a SIEM (like QRadar or Splunk) and/or an EDR (like Carbon Black, CrowdStrike Falcon).
• Threat hunting in core security tools

Tool Experience:

• Zscaler ZIA
• QRadar and/or Splunk query language
• Regex