Job Details

ID #17075736
State Maryland
City Owingsmills
Job type Permanent
Salary USD TBD TBD
Source CareFirst
Showed 2021-07-21
Date 2021-07-20
Deadline 2021-09-18
Category Security

Manager, CyberSecurity Monitoring and Incident Response

Owings Mills, Maryland 21117, USA

Vacancy expired!

Resp & Qualifications

PURPOSE:

The Manager, CyberSecurity Monitoring and Response is a subject matter expert in the field of incident detection and response in large enterprise networks. As a senior member of the CyberSecurity Operations Center's leadership team, you will have the opportunity to work on a variety of challenging projects related to security analytics, threat intelligence, threat hunting, digital forensics and incident response. Your expertise and passion for security will help design and build the next generation of large-scale CyberSecurity monitoring and response capabilities. The incumbent will lead a team of cross-functional professionals in building the next iteration of monitoring and response capabilities within the enterprise and in working with the latest automation technologies.

PRINCIPAL ACCOUNTABILITIES: Under the direction of the Director, CyberSecurity Monitoring and Response, the incumbent is responsible for, but is not limited to, the following:

Duties and Responsibilities
  • Oversee and develop security analytics to identify adversarial activity.
  • Determine scope, severity and priority of events.
  • Supervise the digital forensics process, including but not limited to data acquisition and preservation, memory and disk analysis, and documenting timelines.
  • Implement automation to ensure Incident Responders engage in a repeatable, consistent manner.
  • Research, evaluate and implement next generation security analytics and response tools.

QUALIFICATION REQUIREMENTS

Required Education and Experience:

Degree or equivalent experience: BA/BS in Information Technology, Information Security, Digital Forensics, CyberSecurity or related field.

Years of experience: Minimum 5+ years of demonstrated work experience. (Additional experience may be substituted for the educational requirement.)

Specialized training: must have at least one of the following certifications.
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Reverse Engineering Malware (GREM)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Network Forensic Analyst (GNFA)
  • EnCase Certified Examiner (EnCE)

Required Skills and Abilities:

The incumbent must have a firm understanding of Information and/or Cyber Security principles, and must be able to adapt quickly to the rapidly changing threat landscape in order to correctly scope and prioritize security events. The incumbent must also be able to achieve certification across multiple domains such as networking, security, development languages, etc.

Must be able to work effectively in a fast-paced environment with frequently changing priorities, deadlines, and workloads that can be variable for long periods of time. Must be able to communicate effectively.

Required skills:
  • Ability to manage staff engaged in multiple concurrent investigations.
  • Ability to effectively analyze intrusions to determine the method of entry and potential pivoting activity across the enterprise.
  • Log file analysis to identify artifacts of exploitation, monitor for beaconing activity and harvest IOCs, preferably with Splunk or Elasticsearch.
  • Through the forensic analysis process, derive attacker activity including application execution, file access, data theft, external device usage, cloud services, anti-forensics, and detailed system usage.
  • Hands-on forensic analysis experience using a variety of tools including REMnux, Volatility, CrowdStrike, Rekall, SIFT and open-source incident response tools and frameworks.
  • Knowledge of adversary TTPs and tools such as Cobalt Strike, web shells, etc.
  • Understanding of signature-based detection mechanisms and event-based detection methodologies.
  • Strong understanding of TCP/IP analysis with Wireshark.
  • Ability to triage events and escalate incidents as necessary.
  • Knowledge of standard incident response frameworks.
  • Vulnerability triage and assessment.
  • Advanced Linux skills.
  • Must be able to script in at least one language (preferably Python, Ruby, PowerShell or Bash).

Preferred:
  • Malware analysis engineering
  • Firm understanding of advanced malware defensive techniques
  • OSINT collection and analysis
  • Experience in a multi-cloud environment, preferably AWS and Azure

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply: www.carefirst.com/careers

Closing Date

Please apply before: 5.27.21

Federal Disc/Physical Demand

Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.

PHYSICAL DEMANDS:

The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without sponsorship.