Lead Cyber Defense Threat Engineer

REQUEST TECHNOLOGY
Chicago, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Shift work
Languages
English
Experience level
Senior

Job location

Chicago, United States of America

Tech stack

Microsoft Windows
Microsoft Active Directory
API
Artificial Intelligence
Amazon Web Services (AWS)
Application Firewall
Azure
Border Gateway Protocol
Client Server Models
Software as a Service
Cloud Computing Security
Configuration Management
Control Objectives for Information and Related Technology (COBIT)
Computer Security
Computer Networks
Computer Forensics
Linux
Enhanced Interior Gateway Routing Protocol
Lightweight Directory Access Protocols (LDAP)
Routing
Packet Analyzer
NMap
Open Shortest Path First
Public Key Infrastructure
X.509
Security Information and Event Management
Solaris (Operating System)
Tcpdump
Symantec
Scripting (Bash/Python/Go/Ruby)
Pretty Good Privacy (PGP)
Google Cloud Platform
System Availability
Software Security
Caching
Generative AI
Cyber Threat Analysis
Falcon Platform
Ethereal
Nessus
Cyber Warfare
Operating System Security
Splunk
Qualys
Vulnerability Analysis
Programming Languages

Job description

Prestigious Financial Institution is currently seeking a Sr. Cyber Defense Threat Engineer. Candidate will drive the analysis of threats and vulnerabilities, lead a team of security professionals, and own the strategy for how we defend our enterprise. You'll take initiative to launch and lead security projects assembling teams to remediate threats, incidents, and compliance gaps.

Responsibilities:

Incident Management and Security Analysis:

  • Lead cyber security incident responders in response activities including investigation, coordination, review, and reporting.
  • Oversee technical analysis of security events while coordinating incident response activities with internal and external teams.
  • Ensure and directly oversee the collection and preservation of data associated with cyber security incident response activities following industry best practices and established procedures.
  • Develop and support briefings to OCC senior management as a trusted incident responder.

Security Monitoring & Analysis:

  • Prioritize and identify security risks, threats and vulnerabilities of networks, systems, applications, and new technology initiatives.
  • Lead systems management team to operationalize remediation efforts for gaps identified.
  • Develop and implement security monitoring roadmaps for OCC technologies, applications, SaaS, and other cloud-hosted solutions. These roadmaps will direct efforts on implementation of monitoring use cases and measurement of monitoring capabilities.
  • Manage, implement, and validate security monitoring use cases, mapping to frameworks, technical configuration for security tools, etc.

Security Device Administration

  • Subject matter expert on security tools including appliances, hosted systems, and SaaS including health checks, version updates, and content development.

  • Validate content changes to security tools are appropriate from other analysts and teams.

  • Report on and enhance current metrics surrounding security tool capabilities and efficacy.

  • Subject matter expert in the systems lifecycle --- performing upgrades, implementation of new technologies, and enhancement identification.

  • Confer with and advise subordinates on administrative policies and procedures, technical problems, priorities, and methods.

  • Advise management selecting and scheduling employee training classes, conferences, and seminars.

Requirements

  • Proven team leadership and project management skills, with the initiative to drive solutions across diverse skillsets and work independently or with local/remote staff, vendors, and consultants.
  • Skilled in security assessments and control implementation based on standards like NIST, COBIT, ISO, ITIL, and the NIST Cybersecurity Framework.
  • Strong oral and written communication, analytical, and judgment skills, with the ability to engage effectively with all levels of management in both formal and informal settings.

Technical Skills:

  • Implementation and maintenance of security platforms (Splunk, Crowdstrike, Symantec DLP) and vulnerability assessment tools (Qualys, Nessus, nmap), including incident response playbook development and remediation management.
  • Proficiency with network sniffers/packet tracing tools (Ethereal, tcpdump, etc.), preventative/detective technologies (EDR, network-based analysis), and Web Application Firewalls.
  • Strong background in encryption technologies (PGP, PKI, X.509) and directory services/LDAP security (Active Directory, CA Directory).
  • Experience across client/server platforms (Solaris, Windows, Linux) and OS hardening procedures, plus proxy/caching services.
  • Knowledge of LAN/WAN routing and high availability protocols (OSPF, BGP4/iBGP, EIGRP, NSRP), cloud security tools (AWS, Azure, Google Cloud Platform), and SOAR tools/concepts.
  • Some experience scripting and leveraging APIs to integrate security monitoring tools, with knowledge of Generative and Prompt AI.

Education and/or Experience:

  • Minimum five years hands-on security operations experience including interdisciplinary experience with four or more of the following: Cyber Threat Analysis, Digital Computer Forensics, Incident Response, Application Security, Operating Systems Security, Cryptographic Controls, Networking, Programming languages, Incident Response.
  • Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives.
  • Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure.
  • Industry knowledge of leading-edge security technologies and methods.
  • Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities.
  • Previous people/project management experience is a plus.

Apply for this position