Digital Forensics and Incident Response (DFIR) responds to security and privacy incidents across the Client's business segments and provides objective, professional analysis of, and response to, security policy violations.
This position is responsible for creating and managing the custom detection and disruption content used by the Security Operations Center, as well as other countermeasures that identify and eliminate threats to information systems. Client defines "content" as any custom alert, report, dashboard, or other custom rule. The ideal candidate will have excellent analytical skills, strong technical skills in the technology areas identified below, and a fundamental understanding of security applications and cyber security, or of statistical analysis concepts.
• Develop custom content to support and enhance Security Operations Center monitoring, detection, and investigative capabilities.
• Leverage agile concepts and Kanban methodology to develop content.
• Lead small projects to delivery by established deadlines.
• Utilize the DFIR Content Governance site to ensure all custom content is inventoried and compliant with DFIR processes and best practices.
• Manage the lifecycle of all content, including periodic review of all content and regression testing.
• Work with primary and secondary stakeholders to create content, dashboards, or reports that meet their requirements.
• Engage with owners of new technologies to facilitate data onboarding.
• Parse and normalize disparate data sets.
• Present graphic models to decision makers.
• Deliver work product demonstrations for review and acceptance.
• Ability to create advanced Splunk custom queries, reports, dashboards, visualizations, and alerts (min 3+ yrs direct experience).
• Ability to incorporate transforms, drilldowns and workflow actions into search content.
• Experience working with large data sets (min 3+ yrs direct experience).
• Understanding of statistical learning models for data analysis (min 1+ yrs experience).
• Ability to develop and apply data models to network, application, and system event data in order to identify anomalies and trends and to produce forecasts in support of device health, performance and utilization, and security monitoring and alerting services (min 1+ yrs experience).
• Ability to research and recommend Splunk technical add-ons, applications, and workflow enhancements in line with organization strategies. (min. 3+ yrs experience)
• Understand Windows logging taxonomy and event IDs (min 1+ yrs experience).
• Experience with one or more scripting languages such as Perl, Python and PowerShell.
• Must be process- and detail-oriented and possess good documentation, written, and verbal communication skills.
• Familiarity with agile concepts.
• Familiarity with cyber security issues and incident response techniques.
• Excellent problem-solving skills with the ability to diagnose and troubleshoot technical issues.
• Familiarity with network security, basic routing principles and networking fundamentals, and well-known protocols and services (e.g. FTP, SSH, SMB, LDAP).
• Ability to fully utilize MS Office products.
• Associate's Degree or equivalent from two-year College or technical school in Information Technology, Information Security/Assurance, Engineering or related field of study; at least 2 years of related experience and/or training; or equivalent combination of education and experience required.
• Solid understanding of Information Security and Networking required.
• Outstanding time management and organizational skills required.
• Ability to work both independently and as part of a team with little supervision.
• Customer-oriented focus required, with a strong interest in a satisfied client.
• Minimum 5 years of general IT experience with a variety of operating systems including Windows, Linux or UNIX in a functional capacity.
• Minimum 3 years working as a Security Operations Center engineer leveraging Splunk to create custom content, including but not limited to alerts, reports, dashboards, and application research.
• Minimum 1 year working as a Security Incident Response professional preferred.
• Minimum 1+ years data analysis experience using statistical analysis techniques (considered in lieu of security and networking experience)
• Minimum 1+ years of experience working directly with data science related languages or tools with direct experience using python and Splunk (considered in lieu of security and networking experience).
• Previously an intermediate Windows system administrator or network security administrator (1+ yrs direct experience) preferred.
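The posting asks for custom detection content built on parsed and normalized Windows event data, keyed on Windows event IDs, and kept under regression testing as part of the content lifecycle. As an added illustration (not part of the job posting and not the employer's content), the Python below normalizes two constructed export formats of Windows Security logon events into one schema, runs a "many failed logons (4625) followed by a successful logon (4624) from the same source" rule over them, and keeps a fixture-based regression check of the kind a periodic content review would rerun. The log lines, hosts, IP addresses, field names and export formats are constructed assumptions; only the event IDs 4625 (logon failure) and 4624 (successful logon) are real.

```python
"""Normalize two constructed Windows logon-event export formats, run a brute-force
detection rule keyed on event IDs 4625/4624, and keep a regression fixture for it.
Added illustration for the content-engineering role described above; not the employer's content."""
import csv
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LOGON_FAILURE = 4625   # Windows Security: an account failed to log on
LOGON_SUCCESS = 4624   # Windows Security: an account was successfully logged on

# Constructed sample data (assumed key=value export). Source 10.0.0.7 fails five times then
# succeeds; source 10.0.0.9 fails three times here and continues in the CSV export below.
KV_LINES = [
    'time="2024-03-01T10:00:05Z" host=WS01 EventCode=4625 TargetUserName=jsmith IpAddress=10.0.0.7 LogonType=3',
    'time="2024-03-01T10:00:09Z" host=WS01 EventCode=4625 TargetUserName=jsmith IpAddress=10.0.0.7 LogonType=3',
    'time="2024-03-01T10:00:14Z" host=WS01 EventCode=4625 TargetUserName=admin IpAddress=10.0.0.7 LogonType=3',
    'time="2024-03-01T10:01:02Z" host=WS02 EventCode=4625 TargetUserName=backup IpAddress=10.0.0.7 LogonType=3',
    'time="2024-03-01T10:01:40Z" host=WS01 EventCode=4625 TargetUserName=jsmith IpAddress=10.0.0.7 LogonType=3',
    'time="2024-03-01T10:02:10Z" host=WS01 EventCode=4624 TargetUserName=jsmith IpAddress=10.0.0.7 LogonType=3',
    'time="2024-03-01T10:03:00Z" host=WS03 EventCode=4625 TargetUserName=bob IpAddress=10.0.0.9 LogonType=2',
    'time="2024-03-01T10:03:05Z" host=WS03 EventCode=4625 TargetUserName=bob IpAddress=10.0.0.9 LogonType=2',
    'time="2024-03-01T10:03:10Z" host=WS03 EventCode=4625 TargetUserName=bob IpAddress=10.0.0.9 LogonType=2',
]

# Constructed sample data (assumed CSV export from a second collector). Includes one stale
# failure outside the window, the rest of the 10.0.0.9 sequence, and a source that only fails.
CSV_LINES = [
    "timestamp,computer,event_id,user,source_ip",
    "2024-03-01 09:50:00,WS01,4625,jsmith,10.0.0.7",
    "2024-03-01 10:03:20,WS03,4625,bob,10.0.0.9",
    "2024-03-01 10:03:25,WS03,4625,bob,10.0.0.9",
    "2024-03-01 10:03:40,WS03,4624,bob,10.0.0.9",
    "2024-03-01 10:05:00,SRV01,4625,svc_sql,192.168.5.20",
    "2024-03-01 10:05:01,SRV01,4625,svc_sql,192.168.5.20",
    "2024-03-01 10:05:02,SRV01,4625,svc_sql,192.168.5.20",
    "2024-03-01 10:05:03,SRV01,4625,svc_sql,192.168.5.20",
    "2024-03-01 10:05:04,SRV01,4625,svc_sql,192.168.5.20",
]


def parse_kv(line):
    """Map one key=value line onto the common schema (ts, host, event_id, user, src_ip)."""
    fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    return {
        "ts": datetime.strptime(fields["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "host": fields["host"],
        "event_id": int(fields["EventCode"]),
        "user": fields["TargetUserName"].lower(),   # normalize case so bob == Bob
        "src_ip": fields["IpAddress"],
    }


def parse_csv(lines):
    """Map CSV rows (header on first line) onto the same common schema."""
    for row in csv.DictReader(lines):
        yield {
            "ts": datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc),
            "host": row["computer"],
            "event_id": int(row["event_id"]),
            "user": row["user"].lower(),
            "src_ip": row["source_ip"],
        }


def normalize(kv_lines, csv_lines):
    """Merge both sources into one time-ordered event list."""
    events = [parse_kv(l) for l in kv_lines] + list(parse_csv(csv_lines))
    events.sort(key=lambda e: e["ts"])
    return events


def detect_bruteforce_success(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when a successful logon from a source IP is preceded, within `window`,
    by at least `threshold` failed logons from that same source IP."""
    by_src = defaultdict(list)
    for e in events:                      # events are already time-ordered
        by_src[e["src_ip"]].append(e)
    alerts = []
    for src_ip, evs in by_src.items():
        for e in evs:
            if e["event_id"] != LOGON_SUCCESS:
                continue
            failures = [f for f in evs
                        if f["event_id"] == LOGON_FAILURE and e["ts"] - window <= f["ts"] < e["ts"]]
            if len(failures) >= threshold:
                alerts.append({
                    "ts": e["ts"], "src_ip": src_ip, "host": e["host"],
                    "success_user": e["user"], "failures": len(failures),
                    "users_tried": sorted({f["user"] for f in failures}),
                })
    alerts.sort(key=lambda a: a["ts"])
    return alerts


def regression_check():
    """Rerun the rule on the fixture and confirm it still yields exactly the expected alerts."""
    got = [(a["src_ip"], a["failures"], a["success_user"])
           for a in detect_bruteforce_success(normalize(KV_LINES, CSV_LINES))]
    return got == [("10.0.0.7", 5, "jsmith"), ("10.0.0.9", 5, "bob")]


if __name__ == "__main__":
    for alert in detect_bruteforce_success(normalize(KV_LINES, CSV_LINES)):
        print(alert)
    print("regression check:", "PASS" if regression_check() else "FAIL")
```

The fixture deliberately covers the three ways the rule can be wrong after an edit: a failure older than the window (the 09:50:00 row) must not be counted, a source that fails repeatedly but never succeeds (192.168.5.20) must not alert, and a sequence split across two collectors (10.0.0.9) must alert only because normalization merged them. Changing the threshold or window in the rule without updating the fixture makes `regression_check()` fail, which is the signal a content-lifecycle review is meant to catch.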
Preferred locations for this position are St. Louis, MO and Franklin Lakes, NJ, however, all candidates will be considered.