Cyber Systems Engineer 100% REMOTE FOREVER

Full Time
Longwood, FL 32779
Job description

CYBER SYSTEMS ENGINEER

100% REMOTE FOREVER

W-2 RATE IS NEGOTIABLE

TEMP TO PERM


RESUME TO CRISS BRIENT at: cbrient@altaits.com


The Cyber Systems Engineer reports to the Lead of Focused Operations and Security Engineering within the CISO organization. This group is responsible for providing cyber engineering, cyber threat intelligence, forensics, malware analysis, and break glass incident response support to the corporate Cyber SOC.

Responsibilities:

  • Optimizing security operations, tools, and processes for a newly merged company.
  • Assisting with the selection, implementation, monitoring, and management of security tools within the enterprise.
  • Making technical and policy recommendations and decisions that affect the corporate security posture, especially as they relate to DFARS 252, NIST SP 800-171, and CMMC compliance.
  • Providing Cyber Threat Intelligence to the Cyber SOC and performing Threat Hunting activities
  • Assisting with forensic investigations
  • Close coordination with SOC Analysts and Security Architects
  • Understanding placement of network security infrastructure and log coverage requirements for hosts, infrastructure, and network devices.
  • Working collaboratively with other teams throughout the company to impact change and define an acceptable security posture
  • Supporting the SIEM tool in a complex network environment and assisting security analysts in building operational processes around the SIEM ecosystem. Ensure SIEM coverage and correct event types are arriving into SIEM, and create effective rules and dashboards to assist other groups.
  • Tuning and troubleshooting the SIEM and other cyber tools to deliver optimal performance in high-volume enterprise environments.
  • Configuring, troubleshooting, and leveraging security devices such as packet capture, endpoint EDR, and anti-malware.
  • Limited travel may be necessary to support deployments or resolve issues.
  • Investigating, interpreting, and responding to technical and/or complex IT security data.
  • Ensuring security systems are backed up and operational.
  • Candidate must have a strong foundation of Network and Security skills, fundamental knowledge of operating systems such as Windows, Linux, Cisco IOS, and hardened security appliances, networking protocols, network traffic analysis, cyber threat intelligence, threat hunting, and information security.

Qualifications:

  • Experience supporting a corporate environment with workstations; government customers or contractors a plus.
  • Experience supporting a Security Operations Center strongly desired
  • Sufficient level of understanding of the multitude of tools required to be managed and implemented by a Security Operations team
  • Experience with SIEM tools, log management, and structured query creation
  • Experience with and understanding of various control frameworks, including NIST SP 800-171, CMMC, and FedRAMP, preferred.
  • Experience running tools in and supporting cloud, hybrid cloud, and on-prem environments preferred.
  • Experience implementing and reviewing corporate-wide security and networking policies and rules.
  • Experience with security orchestration, automation, APIs, and scripting.
  • A strong understanding of threat actors, current TTPs, IoC management, and CTI processes
  • A working knowledge of cyber attack techniques, and the ability to detect attacks without receiving a SIEM alert
  • Experience with FTK, EnCase, write blockers, chain-of-custody forms, and proper methodology for cyber forensics work.
  • Experience with both static and dynamic analysis of malware, and the tools, techniques, environments required to perform the work without introducing risk
  • Strong report writing skills
  • Technical certifications like OSCP, GIAC, etc.

Manager Notes:

Cyber engineering is one area: system architecture, network design, and maintenance of network security appliances.

Maintaining and tuning SIEM products. QRadar is what they use, but it doesn't matter which tool.

Need to write queries and create rules that detect and alert for the response team to investigate.

They don't do the investigation themselves, but understanding it is helpful for writing the rules.

Maintaining cyber threat intelligence systems, with peer industries and government partners, and deciding which of these they need to create rules for.

Cyber threat intelligence experience is needed.

Some forensics, but not much; some experience is good to have, for laptops that are dropped off at the office.

Malware reverse engineering: unique malware has to be broken apart to see its capabilities. Coding and scripting experience is needed here, as well as red teaming.


7
BS
