Consultant Cyber Security Engineer
Louisville, Kentucky
A well-qualified candidate will be responsible for the analysis of and response to third-level security events. This requires the ability to work information security alerts through a Security Information and Event Manager (SIEM): triaging, mitigating, and escalating issues as needed while capturing essential details and artifacts. On-call responsibilities will be required. The candidate will need to demonstrate proficiency with the tools and processes listed in the Knowledge/Skills/Abilities section.
- Act as liaison with solution owners and IT groups to ensure understanding of security principles.
- Possess strong analytical, collaborative, problem-solving, organizational, and planning skills.
- Possess strong written and oral interpersonal skills.
- Collaborate with members of the Kindred Information Security department, application owners, software architects, and administrators.
- Keep the CISO and senior executives informed of security incidents and answer their security-related questions and concerns in a clear, concise, understandable manner.
- Work independently as needed.
- Ensure that all security and monitoring solutions can effectively monitor and report on security events occurring within the environment.
- Stay informed on attacks and vulnerabilities affecting all types of systems, including Microsoft Windows, AIX, Linux, Cisco IOS, and Apple OS X, and audit compliance with the Vulnerability Management Program.
- Recommend changes to the environment that remove vulnerabilities and reduce the risk of exploitation that could result in incidents.
- Write custom scripts as needed to meet logging and alerting requirements simply and effectively.
- Architect, design, implement, maintain, and operate information system security controls and countermeasures.
- Analyze and recommend security controls and procedures in the acquisition, development, and change management lifecycle of information systems, and monitor for compliance.
- Analyze and recommend security controls and procedures in business processes related to the use of information systems and assets, and monitor for compliance.
- Monitor information systems for security incidents and vulnerabilities; develop monitoring and visibility capabilities; report on incidents, vulnerabilities, and trends.
- Respond to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interact and coordinate with third-party incident responders, including law enforcement.
- Analyze and develop information security policies, procedures, standards, baselines, and guidelines.
- Assess, plan, and enact security measures to help protect the organization from security breaches and attacks on its computer networks and systems.
- Oversee penetration tests and vulnerability scans to identify vulnerabilities, and consult with technical teams on remediation of identified vulnerabilities.
- Evaluate, test, and recommend security software to help protect the company's data.
- Develop and conduct tabletop exercises that test the incident response plan.
Knowledge/Skills/Abilities:
- General:
- Healthcare experience is preferred
- Excellent written and verbal communication skills
- Possess a high level of technical knowledge of security platforms including:
- Palo Alto Next Generation firewalls
- Sourcefire IPS/Sourcefire AMP
- Cisco ASA firewalls
- Proofpoint email protection
- Carbon Black Response
- QRadar SIEM
- Netskope CASB
- Symantec DLP
- Required:
- Investigate security incidents through log analysis, interviews, evidence collection and preservation, and forensics.
- Utilize sensor data and correlated logs containing IDS/IPS, antivirus, Windows event, web, and similar data to establish context and identify false positives and false negatives.
- Perform security analysis on hosts running a variety of platforms and operating systems, including but not limited to Microsoft Windows, Mac OS, UNIX, Linux, and mainframes.
- Have enough familiarity with security systems and principles to function interchangeably within a team of engineers, supporting a cross-functional approach to resolving issues within a highly complex and interconnected networked environment.
- Bachelor's degree in computer science, information systems, cybersecurity, or a related field.
- Relevant experience may be substituted in some cases.
- Desired: certifications or training such as CISSP; Security Essentials (SEC401); GIAC GCIH/GCIA; Hacker Guard: Security Baseline Training (SEC464); CEH.
- 5+ years of experience in a cybersecurity discipline at a senior level.
- Experience working security events as a cybersecurity engineer in a team environment.
- Ability to review network controls such as firewall rules.
- Ability to consult with IT stakeholders as needed.