2 open roles. Need 3-4 solid candidates by COB 7.16
This role will adapt the current SOC operations process as needs arise, improving alert accuracy and workflow efficiency and mitigating security concerns.
• Be knowledgeable of existing policies, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of data.
• Responsible for creating and maintaining security monitoring dashboards, rules, and alerts in the SIEM
• Recommend enhancements to monitoring systems used to detect and report security violations
• Identify and close security monitoring gaps using the MITRE ATT&CK framework
• Assist in first-response support to correct improperly implemented rules and alerts and to act on emerging threat intelligence.
• Triage advanced attack vectors such as botnets and advanced persistent threats (APTs).
• Recommend tuning of IDS, proxy policy, in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits of downstream systems.
• Must be able to take direction, adapt to business needs and to changes in the security systems used by the bank, and become proficient in new processes as they are added.
• The Cyber Operations Security Specialist must communicate effectively and professionally to a wide range of other support groups to help tune and enable effective alert logic.
• The Cyber Operations Security Specialist must work within a highly collaborative team during wide scope activities when they occur.
• Recommend and develop on-demand dashboards, rules, alerts, and reports using Splunk SIEM
• Develop and maintain internal applications and scripts to automate or improve SOC operations
• Develop workflow automation within “Splunk Phantom” to improve the operational efficiency of GSOC
• Assist in developing use cases to fulfill gaps that may be identified using several security tools
• Work closely with the Application Security Team and observe security penetration testing efforts to identify opportunities to improve security processes, recommending changes as needed.
• Be able to communicate findings or new rule logic on a technical and logical level to teams and leadership
• Have the ability to communicate confidently and professionally.
• The Cyber Operations Security Specialist must understand a problem and assist in developing potential corrective actions.
• Develop an automated approach to controls testing
• Education in the areas of information security, Computer Science, systems development and/or computer programming
• Good oral and written communication skills.
• An advanced understanding of Splunk, including back end setups and alert creation
• Knowledge of basic banking concepts and theories
• Demonstrated expertise in markup and scripting languages such as HTML, PHP, Python, Perl, and Ruby
• Proficient in programming languages such as C# .NET
• Demonstrated expertise in identifying web application threat patterns and attack payloads
• Working knowledge of security software packages, networking concepts, and information security principles.
• Experience with several operating systems; the candidate should make use of native productivity aids and command scripts.
• Must have working experience with various attack frameworks (MITRE ATT&CK, Lockheed Martin, and others)
• A Certification in a related security domain such as OSCP, OSCE, CISSP, GCIA, or GSEC is a plus
• Bachelor’s degree in computer science, network security, or related field
The Cyber Operations Security Specialist must have the skills required to evaluate application software that affects the integrity, functionality, and reliability of the bank's network and systems. The Cyber Operations Security Specialist possesses knowledge of multiple operating systems and their corresponding security systems. Knowledge and understanding of security tools and hacking techniques are required, both because of close work with application security teams during exercises and in order to identify malicious activity and develop use cases as it is found.
The incumbent must be able to objectively read all current rule logic, identify strengths and weaknesses in rule logic, and communicate findings effectively. The Cyber Operations Security Specialist must also collaborate to develop and implement a fix or enhancement to rules when required.
Experience scripting in Python to develop and deploy applications to the GSOC when needed for an efficient workflow or to eliminate redundant tasks.