
Cyber Security Specialist Senior

Miami, Florida

The Information Technology (IT) department is a critical part of City National Bank of Florida and is responsible for developing, maintaining, and securing the company's technology infrastructure. Our IT department provides technological solutions to support business operations, enhance communication, and improve productivity. We employ a wide range of professionals, including software developers, network administrators, database administrators, and IT support specialists. These professionals work together to design, develop, deploy, and maintain various technological solutions.

  • Job Type: Full Time
  • Workplace Policy: Hybrid
  • Travel: Minimal (if any)

Success Profile

  • Achiever
  • Collaborative
  • Technologically Savvy
  • Multi-tasker
  • Digitally Savvy
  • Problem Solver

Culture

Our entrepreneurial, win-together team thinks boldly, looks to and learns from each other, and is focused on creating big client successes that lead to big career growth.

“One of the things I love most about being an IT professional at CNB is the sense of purpose and impact that it provides. In today's digital age, technology is at the heart of many businesses and organizations, and being a part of that means that I am helping to shape and improve the world around me. At CNB, we thrive on making this happen. Whether it’s developing new software applications, securing sensitive data, or managing complex systems, being a CNB IT professional allows me to make a meaningful contribution to the lives of our employees daily.”

End User Technology Support, City National Bank of Florida

Workplace Policy: Hybrid | Job ID: 2024-5197 | Date posted: 11/22/2024
Overview:

As a Cyber Security Specialist Senior within the Cyber Security & Risk Management team, this role is pivotal in fortifying our enterprise's security posture. Responsible for threat intelligence, monitoring, and proactive defense measures across application, endpoint, and network security, the incumbent will play a key role in identifying and eradicating potential threats.

The Cyber Security Specialist Senior will possess a keen investigative mindset, a passion for information security, and the ability to articulate complex concepts to diverse audiences. Tasked with participating in incident response, this role focuses on detecting, disrupting, and eliminating threats within our network.

Overseeing the proactive monitoring of critical systems' security, including the identification, analysis, and response to potential threats, this position requires proactive collaboration with technical and non-technical stakeholders. Integration with these teams is essential to drive comprehensive cyber security program deployment and adoption, enhancing security capabilities across on-premise and cloud environments.

Reporting to the Security Operations Manager, the Cyber Security Specialist Senior will collaborate closely with Information Technology, Cyber Security, Audit, PMO, and LOB stakeholders. This collaboration involves executing requirements, refining procedures, and implementing security controls to bolster our security infrastructure.

This role demands a self-motivated team player who thrives in a fast-paced, multi-faceted environment and is committed to continuous personal and professional growth. The incumbent relies on experience and independent judgement to plan and accomplish goals directly related to Cyber Security matters.

Principal Duties & Responsibilities:

  • Lead incident response efforts against cyber threats, providing expert guidance for Tier 1 and 2 support during incident resolution.

  • Perform advanced analysis and comprehensive reporting of security events through sophisticated tools, including SIEM and IT service management portals.

  • Direct strategic collaboration with MSSP SOC for 24/7/365 monitoring and response, overseeing cyber security incidents at an expert level.

  • Oversee incident response strategies, managing complex security incidents, including sophisticated malware threats and anomalous events.

  • Lead in-depth technical analysis and expert-level forensic investigations for intricate security incidents, guiding the team in comprehensive analyses.

  • Manage security incident response through in-depth, technical (log, forensic, malware, packet, etc.) analysis.

  • Develop and manage advanced documentation on sophisticated threat hunting processes and procedures, contributing senior-level insights to process development.

  • Strategically collaborate with Cyber Security Engineering/Architecture and IT teams to set high-priority security requirements at a senior level.

  • Provide on-going, continuous refinement of cyber threat use cases.

  • Build and enhance automated controls to detect security events.

  • Evaluate threat capability gaps within the security stack and present strategic recommendations to management.

  • Identify and analyze threat and brand intelligence functions, composing security alert notifications and other communications.

  • Identify, analyze, and communicate threat intelligence trends and patterns to guide advanced security strategies.

  • Manage brand intelligence functions, monitoring forums, social media, and other threat actor activity channels for potential threats.

  • Actively stay up-to-date with the latest threatscape, attack vectors and countermeasures (engage with ISACs).

  • Deliver monthly/ad-hoc reports on vendor security advisories, patch advisories, and management assessment reports for team consumption.

  • Collect and maintain evidence supporting cyber assessment findings and recommendations.

  • Translate infrastructure technologies such as Network, Database, Server, Endpoint, etc. issues into cyber risks for threat monitoring.

  • Prepare system security reports and communicate assessment status to stakeholders.

  • Implement processes supporting the control framework and risk requirements.

  • Continuously update job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.

  • Collaborate with management to determine information security metrics and help with the collection of information security metrics.

  • Collect security incident metrics & data to enable reporting to senior management.

  • Upgrade security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.

  • Support skill set development of the team members (mentoring, cross-training).

  • Develop an understanding of business goals and reframe risk discussions in simple solutions that are understandable at all levels of the organization.

  • Serve as subject matter expert (SME) within Cyber security initiatives and projects.

  • Cyber Security professionals who hold a CompTIA Security+ certification are required to maintain their certification in good standing and to adhere to all applicable regulations, policies and procedures.


Qualifications:
  • 2-4 years of information security experience.
  • 2-4 years of experience engineering and analyzing server-based operating systems.
  • 2 years of technical troubleshooting experience.
  • 2 years of hands-on SIEM experience. 
  • Experience working in enterprise SOC environments, either in-house or through MSPs.
  • Strong intrusion analysis background and understanding of intrusion detection/analysis methods.
  • Experience with SIEM search, report, and alert functions.
  • Proficient in managing next-generation anti-malware and endpoint detection/response (EDR) solutions.
  • Experience with Threat Intelligence platforms and workflows, including collection, analysis, and dissemination of actionable intelligence.
  • Familiarity with TTPs (Tactics, Techniques, and Procedures) of adversaries and frameworks like MITRE ATT&CK.
  • Proficiency with User and Entity Behavior Analytics (UEBA) tools to detect anomalies and insider threats.
  • Ability to interpret behavior analytics to identify suspicious patterns and reduce false positives.
  • Advanced technical skills in Information Security practices, including configuration management solutions for compliance.
  • Familiar with exploited CVEs and remediation methods.
  • Understanding of a broad range of security technical concepts.
  • Experience with Active Directory and Windows system architecture.
  • Understanding of Windows and Linux security principles: OS lockdown, logging and monitoring, user access, and perimeter protection.
  • Working knowledge of data center equipment (servers, storage, network).
  • Experience with Litigation Hold and eDiscovery requests.
  • Ability to plan, execute, and document initiatives following established processes and procedures.
  • Strong attention to detail, analytical skills, and ability to operate in high-stress environments.
  • Ability to manage complex issues and develop solutions independently.
  • Proficiency with MS Office (Word, Excel, PowerPoint, Outlook).
  • Open-minded, adaptable, and passionate about learning.
  • Excellent verbal and written communication skills, including the ability to engage both technical and non-technical audiences.
  • Experience delivering messages to individuals with varying technical expertise.
  • Strong interpersonal skills, enabling collaboration across all levels of an organization.
  • On-call and after-hour work may be required to address critical incidents.
  • Relevant information security certifications (e.g., CISSP, CISM, CEH, CRISC, CISA, OSCP, GCIH).
  • Proficient in PowerShell scripting.
  • Knowledge and understanding of banking or financial services industry.
  • Familiarity with delivering technical and business requirements to diverse stakeholders.

Education:
  • Bachelor's Degree in Computer Science, Information Security, or a related technology field required.
  • Master's Degree in Computer Science, Information Security, or a related technology field preferred. 

Special information to candidates:
  • Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
  • Please view Equal Employment Opportunity Posters provided by OFCCP here.
  • The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
  • Reasonable accommodation may be made to assist individuals with disabilities to complete the online application process. Please contact our Human Resources Department at 305-577-7680 or by e-mail at employment@citynational.com

Community focus, global reach.

Our roots are in Florida’s communities, but our reach is far greater. Bci, our parent company, spans from Chile to China, connecting us to global resources and capabilities.

Great Place To Work - Certified, July 2023 to July 2024

Benefits

  • Medical

    We are proud to offer you a choice of medical plans that provide comprehensive medical and prescription drug coverage. The plans also offer many resources and tools to help you maintain a healthy lifestyle.

  • 401(k)/Retirement Plans

    We don't just want you to have a great career, but a great life, so we provide a comprehensive 401(k) program that provides 100% match up to 5%.

  • Tuition Reimbursement

    We offer you the opportunity to make your educational dreams a reality. We provide financial assistance for undergraduate and graduate studies.

  • Holidays

    As if we don't have plenty of PTO, we also celebrate all national holidays. This perk just keeps on giving: see the list of holidays.

  • Awards & Recognition

    We believe that employee engagement doesn't just happen, you have to make it happen, and we do. Here you will have very strong awards and recognition programs that celebrate the true you.

  • Flex Time

    We are all-in on the office, but understand that working from home has some benefits, so, for some roles we offer the best of both worlds. We have a hybrid work schedule so you can too.