Job Description
Minimum Education: Bachelor's degree or equivalent experience
Minimum Experience: 6

Summary
Oversees and/or participates in the instrumentation and administration of cybersecurity tools, appliances, and measures to protect the Board’s IT assets and ensure the Board’s ability to conduct its mission. Utilizes cybersecurity tools such as firewalls, proxies, intrusion detection, intrusion prevention, endpoint protection, and data analysis platforms as part of an integrated, defense-in-depth solution with a central security information and event management (SIEM) system and security orchestration tools. Develops an expert understanding of system architecture and the ability to identify security weaknesses that could be exploited to compromise a variety of systems used by the Board. Develops technical products and presents highly technical subjects to a variety of audiences, ranging from non-technical senior leaders to highly technical subject matter experts. Oversees collaboration with other cybersecurity professionals to develop and implement cybersecurity solutions that enable threat hunt activities. With limited guidance, provides technical and analytical assessments to support information security engineering decisions and ensure Board information and systems are adequately protected.

Duties and Responsibilities
Oversees and/or participates in implementing cybersecurity tools such as firewalls, proxies, intrusion detection, intrusion prevention, endpoint protection, and data analysis platforms as part of an integrated defense-in-depth solution with a central security information and event management (SIEM) system and security orchestration tools. Oversees the development of technical and analytical assessments to support information security engineering decisions and ensure Board information and systems are adequately protected. Able to characterize and manage complex risks to mitigate cyber threats.

With limited guidance, proactively supports analysis of threat intelligence from a variety of sources to understand the nature of the threat, extracts the information that informs threat hunt operations, and uses that information to investigate Board IT assets for evidence of an intrusion or compromise. With limited guidance, emulates threat actor tactics, techniques, and procedures in a controlled and/or production environment to demonstrate and observe the technical aspects of the emulated activity. Oversees and/or develops adequate detection strategies and mitigations as needed to address the specific details of the threat. Oversees the development of programs that apply statistical models, mathematical principles, and other analytic tradecraft to a variety of IT network-generated data in order to identify anomalous and suspicious network activity and ultimately discover intrusions and/or compromises. With limited guidance, identifies and analyzes system-generated logs and captures forensic images of a variety of systems in order to fully analyze a cybersecurity intrusion and/or compromise; this includes using expert knowledge to perform root cause analysis and develop timelines showing the actions taken by a cyber threat actor in an environment. Oversees the completion of all phases of the incident response process, including identification, containment, eradication, and remediation. Oversees the implementation of vulnerability scans and ensures operational systems are adequately patched to protect the Board from potential cyber threat actors. Oversees the analysis of vulnerabilities and proof-of-concept code as it becomes available to assess the technical implications of a given threat and ensure that the Board’s defenses are sufficient. Maintains expert knowledge of ethical hacking principles and applies those skills to the management of vulnerabilities and the mitigation of technical risk.

Ensures that vulnerabilities are managed and patched according to Board policies and procedures. Oversees the development of and/or develops data analytic software and cybersecurity scripts using a variety of programming and scripting languages to enable cybersecurity activities designed to defend the Board’s IT assets. Independently develops programs, software, and scripts that automate cybersecurity processes. Independently develops data queries and scheduled jobs designed to correlate data for further analysis. Independently integrates tools and systems for advanced analysis of relevant data. With limited guidance, manages cybersecurity projects focused on developing and instrumenting complex approaches to detect, prevent, and respond to cybersecurity intrusions and/or compromises. Authors documents and oversees the execution of project plans, schedules, requirements, risks, assumptio