IT SENIOR PROFESSIONAL - SECURITY ENGINEER in Houston
Role details
Job location
Tech stack
Job description
Are you passionate about protecting organizations from cyber threats and helping shape the future of cybersecurity? Virtuo Group is seeking a skilled and motivated Cybersecurity Analyst to join our award-winning team. In this role, you'll monitor, detect, and respond to security incidents, while working alongside experts who are dedicated to keeping our clients' systems secure. If you thrive in a fast-paced, dynamic environment and enjoy solving complex challenges, this is the opportunity to make a real impact., Duties, functions and responsibilities of this position include:
- Responsible for communicating cyber risks and recommendations to mitigate risks to the Chief Information Security Officer (CISO)
- Facilitates department-specific system feeds into SOCs SIEM/SOAR platforms
- Manage/coordinate endpoint protection tools, IPS firewall rules, and integrate threat detection across environments
- Conducts basic malware analysis of attacker tools and identifies indicators of compromise (IOC)s
- Manage the Security Operations Center (SOC) mailbox, and monitor and analyze the emails for threats including phishing and malware, and escalates per procedures
- Participates in the investigations of information security incidents and may prepare reports on intrusions as required
- Proactively seek out suspicious activity and threats within the environment, act appropriately to contain and mitigate them
- Perform real-time detection, analysis, and response to threats via an EDR tool
- Analyze the latest malware discoveries/shifts to understand how/if it would be effective in the environment
- Create new alerts and investigation methods in relation to the ever-changing threat landscape
- Analyze attacks and trends facing HPD to better define proactive defensive measures
- Track, provide, and present analysis into observed attacks against HPD
- Assist with the development, deployment and support of data protection solutions
- Assist with the implementation of data security controls and design principles
- Assist with technology and software reviews based on data protection and endpoint risks
- Responsible for implementing and supporting security platforms related to: Security Orchestration Automation & Response (SOAR), Security Information Event Management (SIEM)
- Manage SIEM platforms, agents, and apps\add-on log source integration upgrades
- Develop alerts, reports, data models, dashboards, and connectors in support of HPD cyber operations
- Recognize patterns and inconsistencies that could indicate complex cyber-attacks
- Develop SIEM correlation rules to detect new threats beyond current capabilities
- Assist with designing and documenting work processes
- Perform log file analysis as needed
- Contribute to CTI (Cyber Threat Intelligence) data gathering, reporting, and analysis activities
- Leverage automation and orchestration solutions to automate repetitive tasks
- Continuous optimization, tuning and monitoring of platforms
- Integration of platforms into SIEM, SOAR and/or API's
- Identify credible, new intelligence, and subject matter resources relative to current and emerging threats
- Create written and verbal intelligence products for internal stakeholders to assist in proactively addressing cyber threats and mitigating risk
- Recognize, research, and analyze various threat actor groups/attack patterns and TTPs
- Prepare and brief CISO on the cyber threat landscape as required
Requirements
Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Network Engineering, or a related field is . An associate degree combined with substantial hands-on experience and/or relevant certifications may be considered in lieu of a bachelor's degree, particularly in smaller municipal environments. A master's degree in Cybersecurity, Engineering, or Systems Architecture is also considered., 3-7 years of hands-on experience in security engineering, network engineering, or systems administration, with a strong focus on security.
1-3 years of experience implementing, tuning, and integrating security technologies, including SIEM, SOAR, EDR, firewalls, and related tools.
LICENSE REQUIREMENTS Must be able to pass a criminal background check, obtain and maintain federally mandated security clearances where required.
PREFERENCES The candidate must have the following knowledge, skills and abilities:
- Knowledgeable of Cyber Kill Chain and Diamond Model of Intrusion Analysis
- Familiarity with CJIS, NIST 800-53, and NIST CSF
- Knowledge of SIEM, IDS, anti-virus/anti-malware and firewall technologies
- Understanding of networking and TCP/IP
- Experience with a wide variety of operating systems: Windows Server, Windows 10, Linux etc.
- Ability to troubleshoot technical and security related issues
- Experience working in a rapidly changing, high intensity environment
- Avid, proactive learner and ability to work well in a team-based environment
- Strong interpersonal and writing skills
- Candidate required to obtain Security+ certification during first year of employment
Benefits & conditions
There are no major sources of discomfort, i.e., essentially normal office environment with acceptable lighting, temperature and air conditions. Significant time spent using computer display, keyboard, and mouse.
