Cyber Security Engineer - Incident Response, Counter threat & Threat I
Posted on Aug 13, 2019 by Ameriprise Financial
The Cyber Security Engineer is part of the Ameriprise Cyber Security team, which is responsible for 24x7 monitoring, threat intelligence, countermeasure development (Counter Threat), and incident handling of cyber threats to Ameriprise. The engineer works as part of that team, leading and learning to leverage security controls and tools effectively to best manage Ameriprise cyber risks. Responsibilities also include a weekly on-call rotation.
Core Responsibilities include:
- Incident Detection/Response
- Analyze security events from various sources and determine whether they qualify as legitimate security incidents.
- Create scenarios/rules that enable detection tools to look for indicators of compromise on Ameriprise assets.
- Respond to and drive remediation of critical incidents according to standard operating procedures (SOP).
- Initiate escalation procedures to counteract potential threats/vulnerabilities.
- Ensure incidents are handled in a manner that is consistent with policy and procedure.
- Coordinate communication activities in support of Incident Response (IR) processes.
- Interface with technical personnel from various disciplines to rapidly resolve critical issues.
- Make recommendations to leadership on incidents and propose effective responses and/or countermeasures for containment.
- Participate in knowledge sharing with other security engineers and partners.
- Identify, document, and recommend new or revised processes, policies, and SOPs.
- Perform incident investigations, determining the cause of the security incident while preserving evidence for chain of custody with internal and external partners.
- Perform malware analysis/reverse engineering with approved tools in Ameriprise environments.
Threat Intelligence Assessment
- Assist with and/or perform comprehensive threat intelligence assessments. This may include reporting on assessment results as well as risk mitigation and remediation recommendations and plans.
- Keep current with emerging security trends, issues and alerts.
- Communicate known security risks and solutions to leadership in order to mitigate risks to business and technology partners as needed.
Process Champion & Counter Measure Development
- Drive continuous improvement of processes and procedures to improve event analysis and event handling, develop countermeasures to prevent, detect, or investigate ever-changing threats, and support overall Cyber Security services.
- Streamline and develop repeatable processes, with automation or semi-automation (e.g. scripting, process modification), to ensure quality, effectiveness and efficiency.
- Develop threat scenarios and test cases to measure the effectiveness of security tools in prevention, detection and investigation.
- Bachelor's degree or equivalent (4-year) in Computer Science, MIS, Technology Forensics or a related technical field; or equivalent work experience.
- 5-7 years of relevant experience required.
- Certifications Required: CISSP, CISA, CISM or CRISC; or equivalent security certification.
- 5+ years' experience installing, monitoring and maintaining information security solutions, including policy design and implementation.
- 3+ years' experience evaluating and designing security solutions for technology projects.
- Demonstrated understanding of security-related technologies and practices, including: authentication and authorization systems, endpoint protection, encryption, segmentation strategies, vulnerability management, secure remote access, and firewalls.
- Strong/diverse technical background in enterprise networking, firewall, storage options, server infrastructure, operating systems, database technologies, and desktop operating systems and security.
- Demonstrated ability to work within a global organization.
- Demonstrated ability to work across teams to dive deep and solve highly technical issues.
- Holds one of the following certifications: CISSP, CISM, EnCE, GCIH, GCIA, GREM, GCFA, GPEN, SSCP, CCFP, or equivalent.
- Experience with the NIST Cybersecurity Framework, Lockheed Martin Cyber Kill Chain®, MITRE ATT&CK, and/or CSIRT models.
- Experience with regulatory compliance issues such as: FFIEC, OFCC, SEC and Federal Reserve plus: SOX, GLBA and PCI.
- Experience with scripting, automation and/or programming: Python, PowerShell, Ansible, other orchestration tools, or equivalent.
- Experience using the following tools: FireEye, Carbon Black, ArcSight, Symantec Endpoint Protection, Symantec Data Loss Prevention, EnCase, or similar Network Security Monitoring and Endpoint Detection and Response tools.
- Experience working in the financial services industry or other highly regulated/compliance oriented environments.
- Broad technical experience including malware and system analysis, application development, networking, and database design and administration.
- Demonstrated experience contributing and collaborating effectively as an informal leader in a high-functioning team.
- Effective organizational, analytical and independent problem solving skills.
- Successful experience coordinating and completing multiple tasks within established and changing deadlines.
- Experience designing and governing corporate policies while ensuring compliance with legal and regulatory statutes.