Key Responsibilities:

• Develop and execute security incident response plans and cyber forensic investigations for investigating all reported security incidents.

• Develop comprehensive incident reports and investigation summaries.

• Develop and collect intelligence to proactively detect and identify high-confidence threats to the brand, service infrastructure and enterprise users and systems.

• Responsible for analyzing/validating security control requirements and tuning, defining the mitigation rules, scripting and performing changes or mitigating attacks, and assisting with troubleshooting support related to any issues which may arise from security detection or protection technologies.

• Assist with reviewing existing tools, applications, and processes to help strengthen and optimize current security capabilities, as well as identifying any gaps or technical solutions to further enhance the team's effectiveness.

• Communicate problems and solutions verbally and in written form to peers and management.

• Compliance and governance: help achieve compliance, identify compliance initiatives, and promote appropriate security policies.

• Lead analysis and review security events for anomalous activity, collaborate with respective peer groups to take appropriate action to safeguard company information assets against current and foreseen threats.

• Lead the exploration of practical security solutions to address emerging threats and compliance requirements, including design and implementation of recommended solutions.

Lead development of information security technology tasks and projects. Ability to communicate with all levels of management. Generate, coordinate, and maintain of project plans. Develops cost analysis estimates for information security tasks and projects. Keep project plans updated as required. Interact with customers as required by project objectives. Understanding of business process as it relates to information security. Define, redesign, and document security processes and procedures. Coordinate the development and delivery of awareness for information security. Work with resource owners to determine appropriate security policies for securable resources. Consult with IT staff to evaluate, select, install, and configure hardware and software systems that provide appropriate security functions. Assist resource owners in understanding and responding to security failures/problems. Assist in determining cause of security related events and identify potential security related events. Communicate to appropriate personnel on normal and exception processing of security authorization requests and/or breaches. Assist with documentation of security policies; maintain resource classification, may be required to present on security status, project status, and security training to management and IT personnel as needed. Assist in proactively protecting the integrity, confidentiality, and availability of information in the custody of or processed by the company. Consult with business units to ensure selection and use of realistic enforcement mechanisms. Aid in review of security policies and auditing of logs. Assist in developing and maintaining effective disaster recovery plans, processes, and procedures. Assist inResearch, evaluate, design, test, recommend, and plan implementation of new or improved information security research, evaluate, design, test, recommend, and plan implementation of new or improved information security technology. Train information owners in the implementation of necessary computer security controls. *May perform other duties as assigned.

Quals-- WHAT ARE WE LOOKING FOR? / WHAT EXPERIENCE DO YOU NEED?

• 8+ years' experience with Incident Response

• Experience in a 24x7 global enterprise, preferably in the Financial industry

• SANS GIAC certifications

• Experience with cloud platforms

• Experience managing or maintaining malware analys s sandboxes,

• Knowledge of malware analysis tools

• Python and/or PowerShell scripting

• Knowledge of Exabeam suite of products or other SIEM tools

• Excellent communication and interpersonal skills

• Understanding of the business and the ability to assess and address risk without negatively impacting the business

• Ability to identify and analyze malicious code

• In depth understanding of Windows operating systems

• Ability to evaluate exploit code in relationship to existing security controls

WHAT ELSE?

• Strong knowledge of networking technologies (TCP/IP, HTTP, SMTP, etc.)

• Strong knowledge of web application vulnerabilities and solutions

• Strong knowledge of Unix and Linux operating systems

• Strong knowledge of the functions of various security infrastructure, including firewalls,

• Intrusion Prevention Systems, Proxy Servers, Security Event Managers, VPNs

• Strong knowledge of web application technologies (HTML, JavaScript, etc.)

• Ability to identify vulnerabilities in networks, systems and applications using COTS tools and manual processes

• General knowledge of network and systems forensics

• In depth knowledge of incident response processes and procedures

• General knowledge of threat intelligence

• Ability to provide 24-hour on-call support on a rotating basis

• CISSP Certified.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. NLB is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, contact HR department by sending an e-mail to notifications@nlbservices.com.