EH-Net

Title: Security Monitoring Specialist (SIEM, Logging, Event Management)
Post by: pseud0 on March 17, 2011, 08:00:13 PM
Large consulting firm looking to fill a variety of security positions. Slots open in most major cities, but prefer NY, Short Hills, Philly, Tyson's Corner, Atlanta, Chicago, Detroit, Houston, Seattle, and San Francisco/Silicon Valley. The job postings will reflect experienced hires, but I am more than willing to talk to junior folks that have the skills to hit the ground running.


Security Monitoring Specialist
Responsibilities:
•   Design of security monitoring solutions such as SIEM, IDS/IPS, Database Activity Monitoring (DAM), firewalls, network and host based malware/AV, and log collection/aggregation within environments of various size and composition
•   Perform requirements gathering, current state assessments, design, implementation, and testing of monitoring solutions that meet a variety of regulatory needs such as PCI, SOX, FFIEC, FISMA, HIPAA/HITECH, and NERC/CIP
•   Assist clients in improving the capabilities and maturity of their monitoring program by identifying appropriate technologies, policies, organizational structures, and relations with third parties
•   Be able to create custom monitoring rules for a variety of detection platforms, and custom correlation rules for SIEM platforms
•   Assist clients by incorporating security monitoring capabilities into a variety of other operational processes such as incident response, vulnerability management, incident management, asset management, compliance, audit, and executive reporting
•   Guide clients through monitoring tool vendor selections including drafting Requests for Proposal (RFP), assessing vendor responses, and constructing/executing a proof of concept
•   Identify and clearly articulate (written and verbal) findings to senior management and clients
•   Help identify improvement opportunities for assigned clients
•   Supervise and provide engagement management for IT staff working on assigned engagements
Qualifications:
•   Bachelor’s degree in computer science or related field from an accredited college/university
•   5+ years of information security experience and 2+ years of security monitoring experience
•   Demonstrate a clear understanding of typical security monitoring metrics/KPIs, executive reporting, and audit/compliance reporting
•   Strong ability to tune monitoring solutions for generation of appropriate alerts, and experience in coordinating/participating with incident response and investigative teams through incident resolution
•   Experience in arranging relationships and SLAs with Managed Security Services Providers (MSSPs) and the ability to construct/operate shared monitoring relationships involving internal client SIEMS and external MSSPs
•   In-depth knowledge of the monitoring and logging provisions of a variety of regulations and standards such as PCI, NERC/CIP, SOX, HIPAA/HITECH, FFIEC, EU Privacy Laws, ISO, COBIT, NIST SP800-92, NIST SP800-94, NIST SP800-53
•   Technical background in networking including in-depth knowledge of TCP/IP and common communication services/protocols used to transport and manage logs
•   Familiarity with the structure, roles, and responsibilities of monitoring teams, with a focus on both distributed/shared models as well as traditional SOCs
•   System configuration experience necessary to integrate a wide variety of devices into consolidated monitoring solutions (HP-UX, Linux, Solaris, AIX, firewalls, routers, switches, databases, Active Directory, LDAP, etc.)
•   Two or more years of scripting/programming experience with Perl, Python, VB, or Bash
•   SIEM platform experience (Arcsight, enVision, Nitro, netForensics, QRadar, etc.)
•   Database monitoring platform experience (native DB logging/auditing, AppSec dbprotect, Guardium, Imperva, etc.)
•   Host and network IDS/IPS platform experience (Sourcefire/snort, Cisco, TippingPoint, Tripwire, Dragon, OSSEC, McAfee HIPS, Symantec Endpoint Protection, etc.)
•   One or more of the following technical certifications preferred: Certified Ethical Hacker (CEH); GIAC Certified Enterprise Defender (GCED); GIAC Certified Incident Handler or Analyst (GCIH or GCIA); or equivalent vendor-specific certifications (Arcsight, RSA, etc.)
•   In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professional® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®)
•   Track record with published content / research work in the information security field
•   Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client’s senior management team