Address
Form of workJob Requirements:
• Strong written and verbal communication skills.
• Experience designing, implementing, and maintaining IT security systems to protect digital assets from malicious cyber-attacks.
• Experience developing and implementing an annual Incident Response Training and Testing Program
• Experience implementing, configuring, and administering SIEM and IDS products to ensure proper visibility into the environment and compliance requirements.
• Ability to investigate, triage, contain, and mitigate complex cybersecurity events and incidents using various cyber security tools
• Possess knowledge and experience across the information security domain such as Endpoint Security, SIEM, IDS/IPS, Packet Capture Analysis, Incident Response, and Cyber Threat Intelligence.
• Hands-on experience analyzing and responding to security events, such as conducting log analysis, developing queries and analytics, troubleshooting security issues, and correlating diverse data sets.
• Experience with designing, administrating, and maintaining tools such as:
o Splunk
o MS G5 Security tools suite,
o Anti-virus solution such as Cylance,
o Network Access Control through Cisco AnyConnect,
o Geofencing and asset management through Absolute, and
o Data loss prevention (DLP) through Symantec
Education/Certifications/Licenses:
• Active Public Trust clearance or higher
Additional Experience Preferred:
• The ideal candidate will be a versatile engineering subject matter expert comfortable with designing, deploying, and managing enterprise security solutions.
• Knowledge of risk and how to measure risk with respect to IT systems.
• Knowledge of IT systems used in health care or health research.
• Experience supporting post-incident recovery, conducting lessons learned with stakeholders, identifying recommended corrective action plans, and providing after action reports.
• Experience supporting the coordination of incident management activities across relevant teams and keeping stakeholders abreast on response efforts.
• Incorporate corrective action plans into the system POAM and risk management activities.
• Coordinating testing of and updates to Incident Response Plans.
Position Responsibilities:
• Actively search for Indicators of Compromise (IOC) and suspicious activity leveraging all provided tools such as Splunk, MS G5 Security tools suite, Cylance, Cisco AnyConnect, Absolute, and Symantec.
• Develop, monitor, and maintain reporting, alerts and dashboards within Security Information Event Management (SIEM) tools to facilities identification of Indicators of Compromise (IOC) and facilitate threat detection and response activities.
• Participate as a senior role in the Cyber Security Incident Response activities to employ strategy, standards, processes, and technology to detect, respond and recover from security incidents and to limit the impact of any such occurrence or reoccurrence by using risk-based triage.
• Conduct open-source intelligence gathering including keeping abreast with threat landscape, CISA bulletins and alerts, and industry forums.
• Work with various internal teams to identify gaps and expand coverage of endpoints, logging and network tooling to improve monitoring and response capabilities
• Support the development of processes for identifying and responding to potential threats identified with the dashboards/reports, and facilitate risk reduction actions such as quarantining systems, processes, and accounts.
• Review threat intelligence reports and feeds, make recommendations and lead implementations for profile or toolset changes based on reviews.
Skills & Requirements Qualifications
NOTES:
Iron Vine Security is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws.
Iron Vine Security is a federal contractor. As such, we are subject to an Executive Order requiring all employees of federal contractors to be fully vaccinated for COVID-19 by December 8, 2021. Therefore, by applying for this position, you understand that you will be required to verify that you have been, or will be, fully vaccinated by December 8, or to verify that you cannot be vaccinated due to a legally recognized exception to the vaccine mandate set forth in the Executive Order.
Note: An individual is not considered to be fully vaccinated until two weeks after receiving the second vaccine dosage in a vaccine regimen involving two vaccines.
• Strong written and verbal communication skills.
• Experience designing, implementing, and maintaining IT security systems to protect digital assets from malicious cyber-attacks.
• Experience developing and implementing an annual Incident Response Training and Testing Program
• Experience implementing, configuring, and administering SIEM and IDS products to ensure proper visibility into the environment and compliance requirements.
• Ability to investigate, triage, contain, and mitigate complex cybersecurity events and incidents using various cyber security tools
• Possess knowledge and experience across the information security domain such as Endpoint Security, SIEM, IDS/IPS, Packet Capture Analysis, Incident Response, and Cyber Threat Intelligence.
• Hands-on experience analyzing and responding to security events, such as conducting log analysis, developing queries and analytics, troubleshooting security issues, and correlating diverse data sets.
• Experience with designing, administrating, and maintaining tools such as:
o Splunk
o MS G5 Security tools suite,
o Anti-virus solution such as Cylance,
o Network Access Control through Cisco AnyConnect,
o Geofencing and asset management through Absolute, and
o Data loss prevention (DLP) through Symantec
Education/Certifications/Licenses:
- Bachelor of Science degree in computer science, programming, information systems, or related discipline
- GIAC Certified Intrusions Analyst (GCIA), GIAC Certified Incident Handler (GCIH) and Certified Information Systems Security Professional (CISSP) is preferred
- 5+ years of experience in the Information Security, Cyber Network Defense or Cyber Security domain
• Active Public Trust clearance or higher
Additional Experience Preferred:
• The ideal candidate will be a versatile engineering subject matter expert comfortable with designing, deploying, and managing enterprise security solutions.
• Knowledge of risk and how to measure risk with respect to IT systems.
• Knowledge of IT systems used in health care or health research.
• Experience supporting post-incident recovery, conducting lessons learned with stakeholders, identifying recommended corrective action plans, and providing after action reports.
• Experience supporting the coordination of incident management activities across relevant teams and keeping stakeholders abreast on response efforts.
• Incorporate corrective action plans into the system POAM and risk management activities.
• Coordinating testing of and updates to Incident Response Plans.
Position Responsibilities:
• Actively search for Indicators of Compromise (IOC) and suspicious activity leveraging all provided tools such as Splunk, MS G5 Security tools suite, Cylance, Cisco AnyConnect, Absolute, and Symantec.
• Develop, monitor, and maintain reporting, alerts and dashboards within Security Information Event Management (SIEM) tools to facilities identification of Indicators of Compromise (IOC) and facilitate threat detection and response activities.
• Participate as a senior role in the Cyber Security Incident Response activities to employ strategy, standards, processes, and technology to detect, respond and recover from security incidents and to limit the impact of any such occurrence or reoccurrence by using risk-based triage.
• Conduct open-source intelligence gathering including keeping abreast with threat landscape, CISA bulletins and alerts, and industry forums.
• Work with various internal teams to identify gaps and expand coverage of endpoints, logging and network tooling to improve monitoring and response capabilities
• Support the development of processes for identifying and responding to potential threats identified with the dashboards/reports, and facilitate risk reduction actions such as quarantining systems, processes, and accounts.
• Review threat intelligence reports and feeds, make recommendations and lead implementations for profile or toolset changes based on reviews.
Skills & Requirements Qualifications
NOTES:
Iron Vine Security is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws.
Iron Vine Security is a federal contractor. As such, we are subject to an Executive Order requiring all employees of federal contractors to be fully vaccinated for COVID-19 by December 8, 2021. Therefore, by applying for this position, you understand that you will be required to verify that you have been, or will be, fully vaccinated by December 8, or to verify that you cannot be vaccinated due to a legally recognized exception to the vaccine mandate set forth in the Executive Order.
Note: An individual is not considered to be fully vaccinated until two weeks after receiving the second vaccine dosage in a vaccine regimen involving two vaccines.
