These duties are not meant to be all-inclusive and other duties may be assigned. • Experienced in performing security business application and infrastructure compliance reviews, risk analysis, forensics and penetration testing • Actively monitor systems and networks for potential intrusions • Lead, conduct and maintain security risk assessments, identify security vulnerabilities, develop recommendations, document findings and remediation plans • Manage remediation plans toward closure • Define security standards & incident response plans to detect, respond and recover from security incidents using a risk based methodology • Develop and document security policies and procedures, training and awareness • Serve as a security expert reviewing and recommending security controls for network, application designs, operating systems, endpoint protection, mobile device implementations of new/updated applications and services • Ensure business and technical requirements are aligned to security policies and are implemented within regulatory and corporate compliance. • Maintain current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures of attackers; related to forensics and incident response • Excellent written communication and presentation skills with the ability to present complex security issues to a variety of audiences, including senior executives • Must be self-directed, able to manage individual projects or act as part of a larger team.
Education and Experience:
Bachelor’s degree in Information Systems or equivalent Minimum of six (6) years of enterprise security related work experience. Minimum of four (4) years incident response/forensics experience. Previous 24 x 7 operations experience Licenses and Certifications: Certified Information Systems Security Professional (CISSP) minimum upon hire or related certification: CISM, PCI QSA, GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA)