Information Technology

Information Protection Senior Advisor

Contract

Strategic Staffing Solutions

Strategic Staffing Solutions is currently looking for an Information Protection (IT Security) officer, a contract opportunity with one of our largest clients!

Candidates should be willing to work on our W2 ONLY.

Job Title: IT Security Officer

Remote: Yes

Location(s): Bloomfield, CT

Role Type: W2 ONLY, NO C2C

Contract Length: 12 months

How to Apply: send resume and contact information to Suganya, Sourcer at sprabhakar@strategicstaff.com

Job Description/Responsibilities:

  • Provides counsel and advice to top management on significant Information Protection matters, often requiring coordination between organizations.
  • Viewed as an expert in a specific aspect of information security. Undertakes complex projects requiring additional specialized technical knowledge. Makes well-thought-out decisions on complex or ambiguous information security issues.
  • Provides architectural oversight and direction for enterprise-wide security technology. Ensures high-level integration of application development with information security policies and strategies.
  • Stays up to date on the direction of emerging industry standards. Identifies, evaluates, conducts, schedules and leads technical analysis functions to ensure all applicable IS security requirements are met.
  • Provides technical analysis of requirements necessary for the protection of all information processed, stored, or transmitted by systems. Coordinates with users to determine requirements.
  • Conducts security reviews of external service providers and outsourcing vendors and systems reviews to ensure appropriate security implementation.
  • Focuses on providing thought leadership and technical expertise across multiple disciplines.
  • Recognized internally as “the go-to person” for the most complex Information Protection assignments.

Major Responsibilities Include

  • Understand data feeds of various security tools and logs that feed the SIEM & UBA technologies. Ability to identify capabilities and quality of these feeds and recommend improvements.
  • Ability to craft new content use cases based on: threat intelligence, analyst feedback, available log data, and previous incidents.
  • Create cost-effective Splunk content using the RBA (risk-based alerting) framework.
  • Perform day-to-day activities of the content life cycle, including creating new use cases, testing, tuning, and removing content, and maintaining the associated documentation.
  • Work with the other security teams and product SMEs to identify gaps within the existing analytical capability.
  • Development of parsers/field extractions to facilitate reliable content development.
  • Development of custom scripts as required to augment default SIEM functionality.
  • Participate in root cause analysis on security incidents and provide recommendations for future detection.
  • Create, implement, and maintain novel analytic methods and techniques for content incident detection.
  • Ensure documentation for content is available on the team Confluence or another tracking mechanism, specifically including the content roadmap and documentation on current content.

Required Qualifications/Experiences:

  • 4+ years of experience supporting a Splunk platform developing new content, applications, dashboards and use cases.
  • Excellent knowledge of security methodologies and processes (e.g., the Cyber Kill Chain, the Diamond Model, and the MITRE ATT&CK framework).
  • Splunk Core Certified Power User.
  • Must have prior experience in Enterprise Splunk Security.
  • Must have experience building and prioritizing RBA content.
  • Experience with Agile methodologies.
  • Understanding of various log formats and source data for SIEM Analysis.
  • Solid background with Windows and Linux platforms (security or system administration).
  • Ability to communicate effectively with anyone, from end users to senior leadership, facilitating technical and non-technical conversations.
  • Strong incident handling/incident response/security analytics skills.
  • Deep understanding of technical concepts including networking and various cyber-attacks.
  • Solid comprehension of various security controls, capabilities and use in a corporate environment.
  • Exceptional problem-solving capabilities.
  • Strong documentation and communication skills.
  • Demonstrated history of innovation and/or creativity.
  • Ability to drive process improvements and identify gaps.
  • Ability to excel in a team, as an individual, in a fast-paced deadline driven organization.
  • Knowledge of programming/scripting fundamentals.

Desired Qualifications/Experiences:

  • 3+ years of experience performing SOC analysis and/or incident response.
  • 3-4 years of parser development with regex experience.
  • 3-4 years of experience as a security analyst, incident handler/responder, security engineer, or penetration tester.
  • 1-2 years mentoring or leading others.
  • 1-2 years using Splunk UBA rules.
  • 1-2 years automating with Python.
  • 1-2 years working with an XSOAR platform.


Education/Certifications:

A Bachelor’s degree or higher in Computer Science, Information Security, or a similar discipline is preferred.

Experience with a wide range of security products.

Professional Certifications: GCIA, GCIH, GCFE, GCFA, Security+, CCNA CyberOps, OSCP, GPEN, GWAPT, CEH, CISSP, Splunk Core Certified Advanced Power User, or other equivalent certifications are highly desirable.

Job ID: JOB-215025
Publish Date: 05 Jan 2023
