PENETRATION TESTING: Lead Cyber Security Engineer
Ref No.: 18-13804
Location: Princeton, New Jersey
Position Summary:
The Lead Cyber Security Engineer works as a member of the Information Protection Office in the Information Technology Division (IT). This highly motivated individual will act as a lead network forensic analyst and incident responder to process and mitigate threats. They will provide cyber threat protection to intellectual property, networks, and sensitive data. This individual will be responsible for conducting penetration tests and vulnerability assessments as they relate to our systems.
Responsibilities:
  • Analytical triage and prioritization of concurrent incidents.
  • Analyze, respond to, and lead security incidents, including Application and Network attempted and realized breaches.
  • The incident response should include host- and network-based log analysis, correlation of network indicators, PCAP data, incident timeline generation, and root cause analysis, among other data sources.
  • Perform daily in-depth analysis of current network threat activity and developing trends.
  • Perform Application Penetration testing as needed and analyze any findings that may result.
  • Perform Vulnerability Scans as needed and analyze any findings that may result.
  • Correlate event data for IDS systems, Firewalls, Secure Web Gateways, SIEMs, and other security systems for potential threats.
  • Initiate escalation procedure to counteract potential threats/vulnerabilities.
  • Prepare detailed written analyses of incidents with remediation and prevention documentation.
  • Document and conform to processes related to security monitoring.
  • Provide briefing of findings to both technical and non-technical senior management audiences.
  • Research and identify key indicators of compromise on the network, servers, and end user workstations.
  • Ability to deal with ambiguity and make expert judgments in situations for which little to no precedent exists.
  • Demonstrated skills for identifying and responding to IT security threats.
  • Stays alert to security threats and takes appropriate actions.
  • Ability to communicate clearly and effectively with the technical and business stakeholders.
  • Participation in teams as valued team contributor and leader.
  • Convincingly articulates requirements and execution plans for complex technical undertakings.
  • Ability to use personal influence and communications processes to align technology to business objectives.
  • Self-motivated without the need for significant management oversight.
  • Strong analytical and conceptual skills.
  • Works closely with the other technology areas to ensure that security is properly implemented across the environment.
  • Stays current with security technologies and makes recommendations for use based on business value.
  • The Lead Cyber Security Engineer works independently with minimal supervision from a senior manager.
  • The position provides advice and direction around cyber security.
Required Experience:

Education, Certifications, or Special Licenses:
Bachelor's degree in Computer Science/Engineering or related field. May also possess an equivalent combination of education and relevant work experience from which comparable knowledge may be drawn.
OSCP Certification is a plus.
Candidates with a combination of the following Industry certifications would also be considered:
CISSP, GPEN, GWAPT, GXPN, GPYC, and GCIH
Relevant Years of Experience Required:
  • 5 plus years conducting Penetration testing, with experience in Cyber Red or Blue Team exercises.
  • 4 years network forensic analysis experience.
  • 4 years' experience conducting analysis of log data and network devices in support of intrusion analysis or information security operations.
  • Minimum 4 years' experience with Perl, Python, or other scripting language in an incident handling environment.
Priority is on an experienced penetration tester who has forensics and incident response experience. This is a hands-on engineering role, not a PM role. Manager is seeking "doers". Must have one or more of the listed certifications. Must have PENETRATION testing expertise, scripting and incident response experience. These are the TOP three skills that are REQUIRED.