We are seeking a Cyber Security Engineer with Incident Response experience for a long-term contract opportunity (multi-year initiative) in Atlanta, GA. This role will be based onsite in Atlanta, GA (all work will be performed Monday-Friday, onsite) and will require an in-person/onsite interview for consideration. We cannot conduct phone or video interviews for this role.
The Cyber Security Engineer - Incident Response and Security Operations will monitor all networks, IPS/IDS systems, and security tools for network intrusions, unauthorized access and other indicators of compromise. Additional responsibilities for this role are as follows:
- Perform incident investigations and initiate incident notification, case tracking/management and recovery actions, perform troubleshooting and problem resolution on internal security equipment and systems.
- Participate in all incident response (IR) efforts; detect, identify, respond, contain and remediate all information security incidents.
- Perform real-time and alert monitoring of network tools (IDS, IPS, HIDS, firewalls) and analyze both raw (management consoles) and processed security event data (SIEM) to identify potential security incidents, threats and vulnerabilities, to help improve log data, and to develop additional use cases for further improving tools and detection. Assist with research and distribute cyber threat intelligence to protect all company networks.
- Provide information security metrics and key performance indicators (KPIs). Participate in the Incident Response and Security Operations Team.
- Monitor company networks and Security Information and Event Management (SIEM) tools to identify Indicators of Compromise (IOCs)
- Respond to incidents as necessary and provide 3rd level support to junior team members
- Detect, respond, identify, contain and remediate all information security incidents
- Receive and distribute cyber threat intelligence to protect all company networks
- Assist in defining and building the Incident Response and Security Operations program under the Office of Information Security
Requirements:
- 3-5 years Information Security experience
- Security Operations and Incident Response experience required
- Experience with SIEM tools such as Splunk, McAfee ESM, LogRhythm is required
- Strong technical, troubleshooting and analytical skills required
- Experience with Anti-virus and Advanced Endpoint Protection a plus
- Experience with Web Proxy, MDM, DLP, and NAC a plus
- Industry certifications such as CISSP, ECIH, CCIH or GHIA. Experience in lieu of certification will be taken into consideration
This role will be based onsite in Atlanta, GA and may require an in-person/onsite interview for consideration.