Associate Principal, Cyber Defense
: Job Details :

***Hybrid, 3 days onsite, 2 days remote***

***We are unable to sponsor as this is a permanent full-time role***

A prestigious company is looking for an Associate Principal, Cyber Defense. This role is focused on threat intelligence, incident response, security alerts, events analysis, network traffic, etc.

Responsibilities:

• Monitor security alerts and events from various security tools and technologies.
• Perform advanced analysis of security logs, network traffic, and endpoint data.
• Review and respond to security incidents escalated by Tier 1 analysts.
• Conduct thorough investigations to determine the scope and impact of security incidents.
• Implement containment, eradication, and recovery measures for confirmed incidents.
• Document and report findings, actions taken, and lessons learned.
• Work closely with threat intelligence team to enhance detection and response capabilities.
• Collaborate with other security team members and IT staff to address security incidents.
• Provide guidance and support to Tier 1 analysts on complex security issues.
• Communicate effectively with stakeholders regarding security incidents and mitigation efforts.

Qualifications:

• Bachelor's degree in cybersecurity, computer science, or another related field.
• Minimum three years of information security experience, preferably in the financial services industry.
• Hands-on security operations experience including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming languages, Incident Response.
• Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives.
• Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure.
• Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities.
• Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CASP+.
• Log analysis and security content development in SIEM solutions (Splunk, IBM QRadar, LogRhythm, etc.).
• SOAR products such as Splunk SOAR, Cortex XSOAR, FortiSOAR, etc. SOAR playbook development experience is a plus.
• Endpoint detection and response tools, e.g. CrowdStrike, SentinelOne, Microsoft Defender, etc.
• Incident Response playbook development, managing security incident analysis and remediation.
• Network-based preventative and detective technologies (IDS/IPS, firewalls, proxy servers)
• Standard technical writing tools including MS Word, Excel, Project and Visio
• Vulnerability assessment tools (Qualys, Nessus, nmap, etc.).
• Directory services, LDAP, and their inherent security (Active Directory, CA Directory, Entra ID).
• Client/server platforms including Sun Solaris, Windows, Linux.
• Operating system hardening procedures (Solaris, Linux, Windows, etc.)
• Web Application Firewalls.
• Scripting and development activities to appropriately leverage Application Programing Interfaces (APIs) to optimize integrations between disparate security monitoring and analysis devices.