Senior Cybersecurity Engineer

Contract: Chicago, Illinois, US

Salary: $93.00 Per Hour

Job Code: 346664

End Date: 2024-05-01

Job Status: Expired

This Job is no longer accepting applications

Industry: Financial institute

Job Title: Senior Cybersecurity Engineer

Location: Addison, TX or Chicago, IL (Hybrid)

Duration: 12-18 Months

 
Skillset:
  • Primary skill: CrowdStrike (a tool that specializes in detecting attacks and automatically responding).
  • ITDR (Identity Threat Detection and Response)
  • EDR (Endpoint Detection and Response)
  • XDR (Extended Detection and Response)
  • Microsoft Defender
  • Cyber Security Engineer: Reviewing, analyzing and evaluating different products that prevent cyber-attacks, running demos, capturing information, generating reports and documenting.
  • Hands-on experience with implementing said solutions within a financial domain, along with InfoSec expertise in the following: IAM, SSO solutions, Azure-based solutions/technologies.

Skills:

  • 5-7 years of experience in Information Security (Must-have)
  • Participates in evaluation, selection, and implementation of new Identity Threat Detection and Response (ITDR) products and technologies, the next level of threat response in the IAM space. The products that provide ITDR include Defender, CrowdStrike, etc. The team is trying to pick the vendor that can provide the right tools to detect a threat immediately from an endpoint, device, server, etc., and can provide various responses to take immediate action. The role involves evaluating these vendors, presenting demos, picking which vendor will be the right one for the team, and developing an implementation plan. They plan to select a vendor by Q2 of this year. Should have experience implementing ITDR vendors and architecting/implementing the solutions.
  • Hands-on experience in one or more identity security technologies, such as CrowdStrike Falcon, Defender for Identity, Silverfort, Semperis, Azure Security Center/Azure Defender, and compliance technologies.
  • Very strong knowledge of Security Information and Event Management (SIEM) analysis, monitoring and alerting.
  • Knowledgeable in the ATT&CK Matrix: Very important. All the known types of compromises or techniques attackers use to compromise a system are listed here. These resources need to be very familiar with it, and use the ATT&CK Matrix as a reference point to evaluate the products and make a vendor selection.
  • Ability to enhance team capabilities for extended detection and response (XDR), zero trust and cloud security.
  • Strong Active Directory expertise.
  • Proven hands-on experience in large AD and IAM project implementation support.
  • Prior experience in IAM technologies like Azure, PingFederate, Okta, etc.
  • Prior experience with industry standard SSO technologies and protocols (OAuth, OpenID Connect, FIDO, SCIM, LDAP, SAML)
  • Knowledge of LDAP and Active Directory services, MFA, risk-based authentication and privileged access management
  • Holistic view of IAM (Authentication and Authorization Data, Endpoint Security, Network Security, Policy Engine)
  • Knowledge of cybersecurity concepts and mitigation practices, such as Advanced Persistent Threat (APT), Credential Theft, Zero Trust, Privileged Access Management, Just-in-time Administration, etc.
  • Knowledge of Security Assessments and Reviews. (Red team testing, threat modeling, ethical hacking, etc.)
  • Knowledge of threat modelling frameworks. No specific frameworks needed; however, it’s more of a mindset on an analytical level. Documentation experience needs to be strong.
  • Direct experience working with very large datasets and log analysis tools including but not limited to: Splunk, Python, Pandas, SQL, Hadoop, Hue.
  • Experience consuming and analyzing Cyber Threat Intelligence for actionable takeaways.
  • Ability to apply Cyber Threat Intelligence through enrichment, correlation, and attribution.
  • Familiarity with offensive security strategies and assessment methodology.
  • Experience explaining threat hunt objectives in plain English and able to communicate associated risk.
  • Strong written and verbal communication skills.
  • EDR and general cyber security threat background, as well as ITDR. They use Active Directory and Ping suite of applications.
Desired Skills
  • Prior experience in any of cyber security defense, ethical hacking and red team testing is a plus
  • Strong interpersonal skills; ability to make effective presentations and communicate technical concepts to non-technical parties
  • Excellent communication, influencing and facilitation skills, with deep intellectual curiosity and innovative thinking
Job Requirement
  • Crowdstrike
  • ITDR
  • EDR
  • Implement
  • SSO
Reach Out to a Recruiter
  • Recruiter: Ankit Kala
  • Email: ankit.kala@collabera.com
  • Phone: 19452052629

©2024 Collabera. All rights reserved.