World Kinect

IT Security Operations Analyst II

SAN JOSE, COSTA RICA Full time

At World Kinect, our employees are the key to our global success. We are industry leaders due to the innumerable talents of our professional team, approximately 5000 strong. Our people thrive in an entrepreneurial and culturally diverse environment, where innovative thinking, collaboration and efficient execution are highly valued. Our high-performance culture is what allows us to drive sustained growth. Stronger together, we promote an environment where individuals can thrive.


 

The InfoSec Operations team is responsible for monitoring the security posture of WFS infrastructure and resources. They are responsible for providing a holistic cybersecurity service, enabling a comprehensive protection, detection and response capability for WFS.

Core services provided include SOC capabilities (Alert Management, Investigation and Escalation, and Incident Response / Blue Team coordination), Context Driven Protection (Threat Intelligence integration and Proactive Threat Hunting) and Root Cause/Return to Service capabilities (Forensic Investigation, Malware Analysis and Vulnerability Management Program).

The team will work hand in hand with our InfoSec GRC and Engineering groups, participating in the deployment, utilization and ongoing maturity and tuning of security policies, tools, event logs and data feeds.

This role will report to the Senior Manager of InfoSec Operations.

Essential Functions

  • Participate in the delivery of BAU cybersecurity operations to include: Alert Investigations, Incident Response, Vulnerability Management, Threat identification, Forensic investigations

  • Tier 2 analysis and triage of logs and alerts, as discovered or escalated from Tier 1 analysts or MSSP partner services.

  • Maintain a working knowledge of adversary tactics, techniques, and procedures (TTP)

  • Participate in enterprise search and threat hunt activities to determine exposure indicators (current and past) associated with known threats

  • Take part in forensic analysis of WFS assets, as required

  • Optimize threat detection products for data loss prevention (DLP), security information and event management (SIEM), advanced email protection, endpoint detection and response (EDR), antivirus, cloud security products, intrusion detection systems, and other industry standard security technologies

  • Participate in the installation, maintenance, upgrades, and troubleshooting of applications and tools directly impacting the InfoSec Operations service deliverables.

  • Monitor government, industry and vendor news and threat intelligence feeds to stay abreast of emerging threats. Work with senior team members, and members from the wider WFS “blue teams”, to determine applicability to WFS assets.

  • Participate in on-call rotation, providing 24x7 escalation capabilities

  • Participate in incident response efforts as Incident Commander, with support from senior team members.

  • Other duties as assigned or directed.

Education, Experience, and Skills required

  • 2 to 5 years of experience in network and systems engineering with a focus on cybersecurity solutions

  • 2+ years of experience working in a SOC environment.

  • Solid understanding of networking concepts and protocols. Familiar with network based security tools like firewalls, IDS/IPS, proxies, etc. Familiar with centralized logging concepts, log parsing and SIEM tools.

  • Hands-on experience in the detection, response, mitigation, and/or reporting of cyberthreats affecting networks, computer intrusion detection, analysis, and incident response

  • Understands advanced Windows and Linux system administration roles, core system/application configuration locations, logging and basic hardening concepts.

  • Practical experience with cloud infrastructure, networking and security, preferably with AWS and Azure.

  • Experience with scripting (Python, Perl, PHP, etc.), preferably in a networked environment, utilizing a variety of APIs, scripting languages or commercial orchestration tools.

  • Experience with deploying and maintaining security solutions including, but not limited to, SIEM, endpoint protection, vulnerability management and network/system level Intrusion Detection and Prevention.

  • Strong knowledge of current security threats, techniques, and landscape, and a dedicated and self-driven desire to research and learn more about the information security landscape

  • Review and triage experience with endpoint detection and response tools

  • Preferred but not required:

    • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology or a related field, or equivalent work experience

    • Certifications including but not limited to: CISSP – Certified Information
      Systems Security Professional, GCFE – GIAC Certified Forensic Examiner,
      GCIH – GIAC Certified Incident Handler

Please note that by submitting an employment application you consent to World Fuel Services processing your information for this role and potentially for future employment opportunities, in accordance with applicable laws. To learn more about how we protect and/or process personal information, please visit the WFS Privacy Center at: https://www.wfscorp.com/en/privacy-center.