Security Ops Specialist - KORE1 Technologies
Augusta, ME
About the Job
KORE1, a nationwide provider of staffing and recruiting solutions, has an immediate opening for a contract Security Ops Specialist.
PROPOSED JOB TITLE: Security Operation Center Analyst III
As a Cybersecurity Analyst III, the candidate will be responsible for vulnerability management, cyber threat identification, evaluation, prioritization, and remediation activities under the direction of the Cyber Security Manager. The candidate will continuously review existing and proposed protections to State of Maine systems, networks, and software designs, and is responsible for analyzing, logging alerting data, identifying, and escalating potential security events. The Cyber Security Analyst will partner with business users to support the integration of cybersecurity protections into business operations and will act as a key member of the Vulnerability Management team.
PRIMARY RESPONSIBILITIES:
•
Deploy, manage, and maintain enterprise Cybersecurity toolsets
•
Review new systems such as networks and software designs for security risks, recommending mitigations or countermeasures, and resolving integration issues.
•
Have current and complete knowledge on the Vulnerability Management program to include having Application Scanning experience and an understanding of environmental best practices.
•
Be emersed in industry best practices and standards such as: Vulnerability Life Cycle, OWASP Top 10, NIST, CISA, SANS, CVSS Scoring.
•
Develop, manage, and measure metrics to understand the trends, quality, and insights from the vulnerability results to facilitate business decisions, automation development, and update of executive dashboards, reports, and templates.
•
Assist team members with ticket queue management by taking responsibility for and delegating tickets to the team.
•
Provide a cybersecurity partnership with the business to ensure proper implementation of protections toward current and future projects.
•
Under direction and per procedures, perform required tasks and coordinate with IT and Vulnerability Management team and SOC team members.
•
Coordinate architecture and engineering activities with other IT teams as well as internal organizations in an efficient and professional manner. Lead vulnerability management efforts in the detection, triage, tooling expansion, data aggregation and reporting processes, tooling, and automation.
•
Develop and manage ongoing process improvements and backlog to the entire scan program well coordinating globally to ensure success.
•
Actively contribute to business architecture, requirements, reporting and analytic configurations, and processes, ticketing, and proposed roadmap tools.
•
Develop cross-functional team relationships to become trusted point of contact and liaison for inquiries, subject matter expert coordinating all issues, capability gaps, and enhancement requests in the product.
•
In this role, this position will assist the Security Operations Center in maturing and developing a vulnerability program.
•
This individual will work with key stakeholders to establish vulnerability and patch management practices to ensure the execution of these functions tighten the security posture within the State of Maine.
•
Fill in other security functions as directed by the Security Operations Center Manager.
•
Uses a reactive approach to security that focuses on prevention, detection, and remediations of vulnerabilities.
MINMUM QUALIFICATIONS:
Years of Relevant Experience: 10 years of information security experience, with a focus on risk analysis, vulnerability assessment, and security testing within an enterprise environment. The ideal candidate will have knowledge of Windows or Linux systems and their associated scripting (PowerShell, python, bash) languages, experience with AWS or Azure cloud environments, and will have worked with vulnerability and manual testing following OWASP Top 10 products such as Tenable Nessus, Rapid 7 InsightVM, HCL App Scan, MDVM, Qualys, Burp Suite, ZAP or similar. The ideal candidate will have experience in both application scanning and device vulnerability management procedures.
Preferred Education: 4-year college degree in computer science or a related field with advanced study preferred; One or more relevant technical security certifications are a plus (GIAC, ISC2, CompTIA, EC Counsil, etc.)
As a Cybersecurity Analyst III, the candidate will be responsible for vulnerability management, cyber threat identification, evaluation, prioritization, and remediation activities under the direction of the Cyber Security Manager. The candidate will continuously review existing and proposed protections to State of Maine systems, networks, and software designs, and is responsible for analyzing, logging alerting data, identifying, and escalating potential security events. The Cyber Security Analyst will partner with business users to support the integration of cybersecurity protections into business operations and will act as a key member of the Vulnerability Management team.
PRIMARY RESPONSIBILITIES:
•
Deploy, manage, and maintain enterprise Cybersecurity toolsets
•
Review new systems such as networks and software designs for security risks, recommending mitigations or countermeasures, and resolving integration issues.
•
Have current and complete knowledge on the Vulnerability Management program to include having Application Scanning experience and an understanding of environmental best practices.
•
Be emersed in industry best practices and standards such as: Vulnerability Life Cycle, OWASP Top 10, NIST, CISA, SANS, CVSS Scoring.
•
Develop, manage, and measure metrics to understand the trends, quality, and insights from the vulnerability results to facilitate business decisions, automation development, and update of executive dashboards, reports, and templates.
•
Assist team members with ticket queue management by taking responsibility for and delegating tickets to the team.
•
Provide a cybersecurity partnership with the business to ensure proper implementation of protections toward current and future projects.
•
Under direction and per procedures, perform required tasks and coordinate with IT and Vulnerability Management team and SOC team members.
•
Coordinate architecture and engineering activities with other IT teams as well as internal organizations in an efficient and professional manner. Lead vulnerability management efforts in the detection, triage, tooling expansion, data aggregation and reporting processes, tooling, and automation.
•
Develop and manage ongoing process improvements and backlog to the entire scan program well coordinating globally to ensure success.
•
Actively contribute to business architecture, requirements, reporting and analytic configurations, and processes, ticketing, and proposed roadmap tools.
•
Develop cross-functional team relationships to become trusted point of contact and liaison for inquiries, subject matter expert coordinating all issues, capability gaps, and enhancement requests in the product.
•
In this role, this position will assist the Security Operations Center in maturing and developing a vulnerability program.
•
This individual will work with key stakeholders to establish vulnerability and patch management practices to ensure the execution of these functions tighten the security posture within the State of Maine.
•
Fill in other security functions as directed by the Security Operations Center Manager.
•
Uses a reactive approach to security that focuses on prevention, detection, and remediations of vulnerabilities.
MINMUM QUALIFICATIONS:
Years of Relevant Experience: 10 years of information security experience, with a focus on risk analysis, vulnerability assessment, and security testing within an enterprise environment. The ideal candidate will have knowledge of Windows or Linux systems and their associated scripting (PowerShell, python, bash) languages, experience with AWS or Azure cloud environments, and will have worked with vulnerability and manual testing following OWASP Top 10 products such as Tenable Nessus, Rapid 7 InsightVM, HCL App Scan, MDVM, Qualys, Burp Suite, ZAP or similar. The ideal candidate will have experience in both application scanning and device vulnerability management procedures.
Preferred Education: 4-year college degree in computer science or a related field with advanced study preferred; One or more relevant technical security certifications are a plus (GIAC, ISC2, CompTIA, EC Counsil, etc.)
Salary range $100K-$110K
ABOUT KORE1
Specializing in professional and technical recruiting, KORE1 is committed to supporting top IT, Engineering, Creative, Scientific, Accounting and Finance professionals in their career paths. We build deep relationships with leading companies, connecting them to exceptional talent every day. With extensive industry expertise and unmatched opportunities, our goal is to provide a unique experience for our contractors and consultants as they prepare for their next role. We are passionate about matching the right people with the right companies.
Specializing in professional and technical recruiting, KORE1 is committed to supporting top IT, Engineering, Creative, Scientific, Accounting and Finance professionals in their career paths. We build deep relationships with leading companies, connecting them to exceptional talent every day. With extensive industry expertise and unmatched opportunities, our goal is to provide a unique experience for our contractors and consultants as they prepare for their next role. We are passionate about matching the right people with the right companies.
Kore1 provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Kore1 complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Kore1 expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Kore1's employees to perform their job duties may result in discipline up to and including discharge.
Source : KORE1 Technologies