Shentel - Roanoke, VA

posted 5 days ago

Roanoke, VA
Telecommunications

About the position

Responsible for reducing the impact of information security incidents and system compromises. The role does so by leading our advanced security monitoring and incident / event investigation and analysis, leading roleplay tabletop events and helping to run 'purple team' exercises, contributing to documentation and playbooks to ensure repeatable security-focused processes, and taking the lead on security and data privacy assessments as well as coordinating the execution of recommendations for endpoints, servers, and network infrastructure. The role is responsible for detecting and alerting on indicators of compromise (IoC) as well as helping correlate the evidence of attack in alerts or monitoring by hunting through data and systems and by reviewing investigation notes. This role is also responsible for leading and mentoring more junior security resources at the organization. The position has a moral and legal responsibility to uphold all local, state, and federal regulations, especially with regard to security and data privacy.

Responsibilities

  • Lead security incident investigations and reporting according to the Incident Response Plan (IRP).
  • Coordinate industry best practice security and data privacy assessments for all third party vendors, contractors, consultants, auditors, applications (both on premise and cloud) as well as system-to-system connections on our internal and customer-facing networks.
  • Perform network and application penetration tests, vulnerability assessment scans, and patch management / vulnerability remediation strategy planning.
  • Monitor and advise on information security and data privacy issues related to the systems and their related data flows while ensuring internal security controls are appropriate and operating as intended. Coordinate execution of approved mitigation plans.
  • Conduct security and data privacy research in keeping abreast of latest information security as well as data privacy events, issues, and trends.
  • Lead the assistance and support of user and security posture awareness for IT teams as well as key information security partners for our customer facing servers, networks, and applications.
  • Act as the security investigative lead on any breach analysis activities to help discover root cause.
  • Contribute to disaster and business continuity recovery planning as well as play a role in the execution should an event occur.
  • Analyze and provide security model planning input for cloud (SaaS) access and monitoring, including protection recommendations associated with IT architecture for cloud and hybridized computing. Help to coordinate execution of that model and strategy.
  • Lead on support for compliance activities for SOX, PCI, CPNI, and data privacy regulations around PII, PHI, and financial data.
  • Actively participate in red team / blue team engagements led by more senior team members or by select management approved security partners.
  • Participate in threat modeling activities with more senior team members or with select management approved security partners.
  • Serve in the primary role supporting IT Security program initiatives and security tool implementations.
  • Provide regular business intelligence via technical reports and meaningful metrics to management and to C-suite level audiences, as required, through tooling over time.
  • Conduct quality assurance reviews of investigations and analysts' adherence to process as well as procedures.
  • Develop industry best practice and modern security report templates, processes, and playbooks for other security team members and operational functions to execute on.

Requirements

  • Education: Four Year Degree in Computer Science, Networking Administration, or Cyber Security is required. Master's Degree in Cyber Security is preferred.
  • 7-10 years of Information Security, Data Analytics or Security Operations experience is required.
  • 5-7 years of Splunk or SIEM experience is required.
  • 3-5 years of Security Analyst or Security Generalist experience is required.
  • Seasoned experience in application, server, and network security is required.
  • Experience in the event log monitoring of computer systems and SIEM enterprise security capability is required.
  • Experience with and deep understanding of industry standard security frameworks (e.g., NIST, CIS, OWASP, MITRE ATT&CK) and PII, PHI, CPNI, and PCI data handling requirements is required.
  • Experience with SOX obligations and requirements is required.
  • Experience in information security or data privacy investigative work is required.
  • Experience with mobile device management (MDM) is required.
  • Experience as a lead technical security resource on several small to mid-sized security initiatives is preferred.

Benefits

  • Drug-free workplace
  • EEO employer