Security Consultant

Responsibilities:

The Security Consultant responsibilities include, but not limited to:

Perform monitoring and analysis of event activities, identify data exfiltration violations, build & document standard procedures and policies, investigate issues & document findings and assist with the implementation of security controls and risk security awareness effortsTakes an active part in the gathering of threat intel, provide analysis of internal & external security intelligence feeds, triage analysis and response to security threats and escalate as needed to the next level as per Security Incident Management Process for severe intelligence findingsHunting based on indicators of compromise (IOCs) or suspicious anomalous activity based on data alerts or data outputs from various toolsets and submit change and/or security control to apply customized rules to prevent attacks and SOC rules to count the number of attacks preventedPublish Actionable Intelligence alerts to L2 and L3 analysts for defined use cases (e.g. compromised credentials, Indicators of Compromise associated with active malicious campaigns) and SituationalAwareness alerts to L2, L3 and SIEM Admin/Integration Engineer for use cases (e.g. New security threats under consideration that could impact the business)Process security incident communications and track incidents with various technical teams until it reaches resolution, document resolution & lessons learned and work with other technical teams on integration, deployment & enhancement projects and any other BAU tasks

General Qualifications:

2 to 4 years of experience for Level 1, 4 to 6 years for Level 2 and 6 to 9 years of experience for Level 3Strong analytical and problem-solving skills and has the ability to create a containment strategy and executeHave hands-on experience on network security zone administration, configurations, IDS policiesKnowledge of systems communications from Layer 1 to 7, packet capture and analysis or;Have hands-on experience on Windows & Linux Server Administration, Systems Administration, Middleware, and Application Administration, log formats & analysis, forensicsAbility to aggregate and parse log data for syslog, http logs, DB logs for investigation purposes

Technical Qualifications:

Experience in 24x7 CyberSecurity Ops or SOC within a large scale and complex environment is highly desired or;In−depth experience with log search tools and SIEM tools such as Splunk, Arcsight, Mcafee usage of regular expressions and natural language queries or;Experience with Security Assessment tools (NMAP, Nessus, metasploit, Netcat) or;Background on vulnerability analysis, management, remediation and compliance or;Information security, risk, audit and regulatory compliance consultingTechnical certification is a big plus, Security+, CySa+, CEH, ECSA, GIAC, CISSP