Information Security Engineer - Threat Management

DescriptionLocations: On site at Memphis, TN. Maryville, TN. Birmingham, AL, Lafayette, LA. New Orleans, LA. Charlotte, NC, Raleigh, NC.Job Description: The Senior Security Engineer – Threat Management is responsible for the collection, analysis, and dissemination of cyber threat intelligence. These capabilities will include timely collection of advanced warning of impeding IT vulnerabilities or threats, a thorough correlation, analysis, and storage of threat intelligence information, and operational support of the incident response process. They will define, deliver and sustain the enterprise management strategy and solutions from a governance, process, discipline and technology standpoint, to support enterprise environments and our presence in various cloud instances covering threat / vulnerability management. Secondary roles include Intrusion Prevention systems, EDR tools, and other information security solutions.Essential Functions of the Job:

Knowlegeable around securing cloud workloads and cloud instances within AWS, Google, and Azure.

Support the Cyber Incident Response Team (CIRT) in the effective detection, analysis, and containment of attacks

Operate the processes necessary to collect threat intelligence, analyze the data for patterns and actionable information, and create intelligence products for other teams to consume

Identifies security risks and exposures, determines the causes of security violations and suggests procedures to halt future incidents

Identify appropriate platform and application logging and triggers at design that support advanced fraud and cyber detection use cases

Integrate appropriate systems and logs into the global threat management platform or Security Incident and Event Management system to properly protect their critical assets

Design, test and develop specific content and alerting to identify threats against their critical assets

Document incident response procedures for new threat content and alerts

Maintain an understanding of attacks, vectors and emergent threats

Provide tier II support for escalated security incidents

Obtain and share cyber security intelligence with security partners, vendors and law enforcement as necessary

Mentor and educate teams with expert knowledge of information security event management, security forensics, network access controls and perimeter security, operations, implementations of new technologies

Produce weekly and monthly operational metrics

Work with vendors and internal customers to respond to escalations

Familiar with threat modeling and/or risk-based security testing techniques

Understand configuration management and can work with other teams to make recommended settings

Recommends Preventative Security Actions

Recommends Corrective Security Actions

Expert understanding of the field's concepts, practices, and procedures related to security testing

Comprehension of basic banking systems.

Job Requirements : Trained in OWASP security standards, High School Graduate or EquivalentBachelor’s Degree Preferred but not required in Computer Engineering/Computer Science or related field.CISSP Preferred, but not requiredKnowledge and Skills Requirements:

Familiar with compliance regulations such as SOX, PCI-DSS, GLBA, and Federal Banking regulations

Proficient with cloud security and monitoring capabilities in AWS, Azure and Google

Proficient with web application testing and software security reviews.

Excellent team skills and integrity in a professional environment

Familiar with the Open Systems Interconnection (OSI) model

Understanding of security technologies like; IDS/IPS, firewalls, AV

Understanding of scripting languages like JavaScript, Perl, etc

Understanding of vulnerability scanning tools

Good social, communication and technical writing skills

Days: Monday - FridayHours: 8am - 5pm (some after hour work required)Minimal travel requiredEqual Opportunity Employer/Protected Veterans/Individuals with DisabilitiesThe contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)