TEKsystems is hiring: Information Security Engineer in Raleigh
TEKsystems, Raleigh, NC, US
Job Description
Direct Placement with a Fortune 500 company
Top Skills Details
1) Security architecture or engineering experience, understand concepts and understand best practices for monitoring different platforms (Unix, Linux, Cloud, etc.).
2) Understand incident response, logging and monitoring within security. Worked in a consultative role, defining controls for different platforms, what rule sets are they trying to protect, define the threats of what they are trying to mitigate or that an analyst in a SOC would monitor for, responding to alerts with platforms. Ideally following the MITRE ATT&CK framework. Can identify threats across several types of platforms.
3) 3+ years of Splunk experience or other monitoring tools around that. Have experience looking at dashboards and parsing through Splunk to uncover issues with platforms. Used Splunk from an incident response standpoint, reading logs, etc.
Description
The Cyber Threat & Monitoring organization is building out a Platform Security Monitoring Team for the major systems to make sure these systems are monitored and to uncover issues with them.
There is an ever-growing complexity and effort to monitor the firm’s security posture and triage/investigate events of interest in a timely manner.
Plans at an operational level designing and developing technology solutions interfacing with appropriate stakeholders, management and technical resources. Facilitates and/or participates in the design, development, and implementation of large complex technology solutions supporting one or more business and/or technology areas. Develops and implements appropriate solutions that may involve multiple platforms, databases, software/hardware technologies and tools. Strong ability to multi-task in a fast pace environment of changing priorities.
This role involves serving as an escalation point for day-to-day information security operations monitoring of mission critical systems including the identification, analysis, case management and response actions of a global, complex information infrastructure for one of the world’s largest financial institutions. The candidate must have an understanding of cyber threat vectors, how they are used to exploit an information system and techniques and tools used by malicious actors to violate the confidentiality, integrity and availability of information systems. Datasets support is required for numerous ongoing initiatives to address both perimeter monitoring and privileged access monitoring efforts. This position involves collecting, analyzing, and triaging information from multiple threat sources to provide near real-time awareness and a common operating view of the environment. This role involves regular engagement with leadership and business-aligned security stakeholders.
Day to day:
- Coming in and monitoring and reviewing data, looking at dashboards, parsing through Splunk to uncover the issues,
- Understand case management, create a case, parse through Splunk, seeing this case/issue all the way to resolution
- Alerting and working with the Splunk team as well. Also, working with peer teams whose team is responsible for supporting/servicing this team, making sure the systems aren't broken, while this team is responsible for making sure everything is safe, designing the systems to be safe, making sure the right thing is being done with those systems
- Remediate the issue and hand that over to another team, do some remediation in their own team as well
-Monitoring critical payments platforms for banks (ex. anything that goes through a payment process, online banking, ATMs, anything that money flows through).
Think of this team as working as a services team between the SOC and the LOB/platform specific teams, make sure they are monitoring the right things, identify threat or risk scenarios that that platform could pose to the business, with mainframe looking for cyber threat in mainframe, develop used cases out of it, interact with monitoring team say this is what we need to be looking for and help evaluate that, work with the monitoring team to find out what are we missing to fix this, act as a tier 3 support, SMEs for different platforms on the team, that way when they are working with the platform owners or LOB owners about their risk and threat, can speak intelligently about those tools, alert goes off and the SOC team doesn't know what to do about this, this team can help with this, provide feedback loop to the LOB or the platform owners in the form of metrics, how often had we had alerts triggered, which ones were false positives, what vulnerabilities are we seeing, make sure we are monitoring the right things, hand back what we see
Meet with those LOB and platform specific teams to understand - what is deployed, how are these deployed, what technologies are out there, which technologies are deployed that you are using, what are the security you have on it, ingrained in that team, understand what that technology is
Benefits:
- High level type monitoring-this is monitoring to uncover issues and then create business cases around why it needs to get done and presenting that to their customers (Windows, Database, etc. teams)
- Fortune 500 company
- Full benefits package
- Competitive salary
- 12% annual bonus
Work Environment
Remote to start out with COVID19, then once this dies down they will need to be able to sit onsite some of the time. This position does offer some remote flexibility!
Additional Skills & Qualifications
- Case management experience - creating a case from an issue and then tracking that to completion to make sure the issue is resolved
- Understanding of Risk Matrix - reporting around here are the incidents and issues, here is the remediation standpoint
Interview Information
2 rounds - phone screen with internal recruiter and then interview with hiring manager and his team then will make a decision
Business Challenge
Our client is addressing one of the actions that came from the government around privileged monitoring and perimeter security monitoring and within that sanctions they have to make the effort and show where they are doing continuous monitoring enterprise around the entire firm in regards to platforms.