Information Security Specialist

Job description Actively monitor the networks, systems, applications, IT assets and bio-medical equipment’s for suspicious activity and threats. Using offensive and defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or may occur within the network and make the initial decision on the event/ threat severity. Responsibilities: • Manage network, intrusion detection and prevention systems. • Conduct periodic compromise assessments across selected networks and propose recommendations based on assessment results. • Conduct physical security assessment of the organization’s systems, including servers and networks, ensuring that any unauthorized external physical interference is not actually possible. • Conduct ongoing network hunt activities. • Conduct proactive vulnerability assessment across the network, subnetworks and service traffic to identify potential points of intrusion. • Research and develop methods of tracking and detecting malicious activity within a network. • Develop tools, signatures, and methods of detection for use in incident response activities. • Develop SIEM integrations, dashboards, and analytics to illuminate and visualize threat activity. • Analyze network traffic to provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities. • Uses data collected from a variety of cyber defense tools (e.g., anti-virus, IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments, perform cyber defense trend analysis and reporting, and perform event correlation to mitigate threats and gain situational awareness and determine the effectiveness of an observed attack. • Carries out triage to ensure that a genuine security incident is occurring. • Coordinate with entity-wide cyber defense staff to validate network alerts. • Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event’s history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan. • Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment. • Provide daily summary reports of network events and activity relevant to cyber defense practices. • Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information. • Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools. • Isolate and remove malware. • Develop content for cyber defense tools use them for continual monitoring and analysis of network activity to identify malicious activity. • Assist in the construction of signatures which can be implemented on cyber defense tools in response to new or observed threats within the network environment. • Analyze and report organizational security posture trends. • Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus, Threat Intelligence Providers) to maintain updated of cyber defense threat condition and determine which security issues may have an impact on the enterprise. • Provides cybersecurity recommendations based on significant threats and vulnerabilities. • Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operational Plans. • Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber incidents within the enterprise. • Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence. Utilize deployable forensics toolkit to support operations as necessary Qualifications: Knowledge • Security concepts such as cyber-attacks and techniques, threat vectors, risk and threat management, incident management etc. • Networking concepts and protocols, and network security attacks, vulnerabilities, processes, methodologies, access control mechanisms, traffic analysis methods. • Cyber threats and vulnerabilities and information dissemination sources (e.g., alerts and advisories). • Cyber defense and vulnerability assessment tools and their capabilities. • System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). • Scripting languages (e.g., Python, Perl, Bash) used in an incident response environment • Incident response and handling methodologies. • Intrusion Detection System (I