Strategic Staffing Solutions
Strategic Staffing Solutions is currently looking for an Information Protection (IT Security) Officer, a contract opportunity with one of our largest clients!
Candidates should be willing to work on our W2 ONLY.
Job Title: IT Security officer
Location(s): Bloomfield, CT
Role Type: W2 ONLY, NO C2C
Contract Length: 12 months
How to Apply: send resume and contact information to Suganya, Sourcer at email@example.com
- Provides counsel and advice to top management on significant Information Protection matters, often requiring coordination between organizations.
- Viewed as an expert in a specific aspect of information security. Undertakes complex projects requiring additional specialized technical knowledge. Makes well-thought-out decisions on complex or ambiguous information security issues.
- Provides architectural oversight and direction for enterprise-wide security technology. Ensures high-level integration of application development with information security policies and strategies.
- Stays up to date on the direction of emerging industry standards. Identifies, evaluates, schedules, conducts and leads technical analysis functions to ensure all applicable information security requirements are met.
- Provides technical analysis of requirements necessary for the protection of all information processed, stored, or transmitted by systems. Coordinates with users to determine requirements.
- Conducts security reviews of external service providers and outsourcing vendors and systems reviews to ensure appropriate security implementation.
- Focuses on providing thought leadership and technical expertise across multiple disciplines.
- Recognized internally as “the go-to person” for the most complex Information Protection assignments.
Major Responsibilities Include
- Understand the data feeds from the various security tools and logs that feed the SIEM and UBA technologies; identify the capabilities and quality of these feeds and recommend improvements.
- Craft new content use cases based on threat intelligence, analyst feedback, available log data, and previous incidents.
- Create cost-effective Splunk content using the risk-based alerting (RBA) framework.
- Perform the day-to-day activities of the content life cycle, including creating new use cases; testing, tuning, and retiring content; and maintaining the associated documentation.
- Work with the other security teams and product SMEs to identify gaps within the existing analytical capability.
- Develop parsers and field extractions to support reliable content development.
- Develop custom scripts as required to augment default SIEM functionality.
- Participate in root cause analysis on security incidents and provide recommendations for future detection.
- Create, implement, and maintain novel analytic methods and techniques for incident detection content.
- Ensure documentation for content is available in the team Confluence space or another tracking mechanism, specifically including the content roadmap and documentation of current content.
- 4+ years of experience supporting a Splunk platform developing new content, applications, dashboards and use cases.
- Excellent knowledge of security methodologies and processes (e.g., the Cyber Kill Chain, the Diamond Model, and the MITRE ATT&CK framework).
- Splunk Core Certified Power User.
- Must have prior experience with Splunk Enterprise Security.
- Must have experience building and prioritizing RBA content.
- Experience with Agile methodologies.
- Understanding of various log formats and source data for SIEM Analysis.
- Solid background with Windows and Linux platforms (security or system administration).
- Ability to communicate effectively with anyone, from end users to senior leadership, facilitating both technical and non-technical conversations.
- Strong incident handling/incident response/security analytics skills.
- Deep understanding of technical concepts including networking and various cyber-attacks.
- Solid comprehension of various security controls, capabilities and use in a corporate environment.
- Exceptional problem-solving capabilities.
- Strong documentation and communication skills.
- Demonstrated history of innovation and/or creativity.
- Ability to drive process improvements and identify gaps.
- Ability to excel in a team, as an individual, in a fast-paced deadline driven organization.
- Knowledge of programming/scripting fundamentals.
- 3+ years of experience performing SOC analysis and/or incident response.
- 3-4 years of parser development, including regex experience.
- 3-4 years of experience as a security analyst, incident handler/responder, security engineer, or penetration tester.
- 1-2 years mentoring or leading others.
- 1-2 years using Splunk UBA rules.
- 1-2 years automating with Python.
- 1-2 years working with an XSOAR platform.
Bachelor’s Degree or higher degree in Computer Science, Information Security or similar discipline is preferred
Experience with a wide range of security products
Professional Certifications: GCIA, GCIH, GCFE, GCFA, Security+, CCNA CyberOps, OSCP, GPEN, GWAPT, CEH, CISSP, Splunk Core Certified Advanced Power User, or other equivalent certifications are highly desirable.
Job ID: JOB-215025
Publish Date: 05 Jan 2023