Desired Skills and Experience
- Stay abreast of new threats, risks and vulnerabilities
- Review events generated by various security systems and investigate as needed
- Analyze suspicious files, email and suspected malware
- Identify and respond to cyber-security incidents in accordance with the Incident Response process
- Document lessons learned and make recommendations on any additional controls needed to prevent the incident from recurring
- Build new mitigating controls and develop signatures for existing controls
- Proactively apply threat intelligence and hunt for threats in the environment
- Assess the latest security technologies and make recommendations based on their potential to enhance the security of the enterprise
- Ability to identify and analyze malicious code
- In-depth understanding of Windows operating systems
- Ability to evaluate exploit code in relation to existing security controls
- Strong knowledge of networking and internetworking technologies (TCP/IP, HTTP, SMTP, etc.)
- Strong knowledge of web application vulnerabilities and solutions
- General knowledge of Unix & Linux operating systems
- General knowledge of the functions of various security infrastructure components, including firewalls, Intrusion Prevention Systems, proxy servers, Security Event Managers and VPNs
- General knowledge of web application technologies (HTML, JavaScript, etc.)
- Knowledge of malware analysis tools
- Python and/or PowerShell scripting
- Knowledge of Splunk or other SEM tools