Polaris Alpha

Senior Information Security Engineer

Req #: 2210
Position Type: Full Time
FLSA Status: Exempt
Category: Security - Other
Security Clearance: Eligible
Location: Colorado Springs, CO

Benefits

In addition to competitive compensation, Polaris Alpha offers excellent benefits:

• Comprehensive Medical, Dental, and Vision coverage
• Life and AD&D coverage at 3x annual salary
• 401k plan, 4% gifted contributions for all eligible employees - 100% vested in plan from date of enrollment
• 4+ weeks of PTO and 10 Paid Holidays observed
• Education Assistance Program
• Relocation programs

Job Description

Polaris Alpha develops innovative solutions to the most significant challenges affecting our Nation's ability to collect, utilize, and defend digital information. We’re passionate about developing cutting-edge, creative solutions, and fostering a highly sought-out place of employment for many of the brightest minds in the industry. We are the best because we hire the best. At Polaris Alpha, we have developed a culture of going above and beyond the normal expectations in the delivery of our work. Our clients and employees are the number one reason why we’re successful, and that formula won’t be changing!

Position Overview:
The Senior Information Security Engineer is part of a team of Security Analysts and Engineers to support watch operations. The analyst will participate in an on-call rotation to provide leadership support after hours and on weekends when necessary. The position requires the monitoring of events that have the potential to compromise the safety and security of the enterprise, offices, data centers, and other corporate locations.
This individual will provide support to professional associates during business disruptions and will manage the escalation and communication to both Corporate Support and BU leadership. Additionally, the analyst will assist the cross-organizational crisis management team in situations when the Security Vulnerability Engagement Process (SVEP) is enacted.
The Senior Information Security Engineer will be responsible for monitoring and analyzing network traffic and security event data, responding in a timely and appropriate manner to security events or incidents, and assessing the severity of the risk and the impact to the production environment. This role will investigate intrusion attempts and perform in-depth analysis of exploits. This individual must also be flexible and able to collaborate well with other staff in discussing production-impacting issues, reviewing relevant security event logs, and escalating significant items as appropriate.

Responsibilities:
• Provide first responder forensics analysis and investigation of Severity 1 security incidents.
• Provide forensics analysis and investigation of Severity 2 to Severity 3 security incidents through escalation from Tier 2 Analysts.
• Work with Tier 2 Analysts to communicate findings during investigation for documentation and escalation.
• The Senior Information Security Engineer will drive the containment strategy during data loss or breach events including:
o Triage and resolve advanced vendor attacks such as botnets and advanced persistent malware.
o Work directly with data asset owners and business response plan owners during high severity incidents.
o Determine the impact of events and recommend incident alert thresholds.
o Aggregate and correlate event data from multiple sources and sensors.
• Review aggregated threat feed data from Tier 2 Analysts to determine the tuning of countermeasures required or vulnerabilities to be remediated outside of the Risk/IT process.
• Review vulnerability scans for high-severity vulnerabilities, prioritize the remediation actions required of asset owners, and feed Tier 2 Analysts for ticketing and tracking.
• Provide policy tuning recommendations for security control tools to tool administrators based on findings during investigations or threat information reviews.
• Provide tuning recommendations for the IDS, proxy policy, and in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits of downstream systems.
• Issue documentation and proactively contact customers when an issue is resolved to ensure the service provided met or exceeded customer expectations.
• Review weekly security incident metrics.
• Find trends in security incidents for security problem identification, control deficiencies, and gaps in countermeasure capabilities, and publish findings monthly for operational reviews.
• Monitor and analyze network and security event data from a variety of sources to identify internal security events based on internal and common intelligence sources.
• Investigate intrusion attempts and perform in-depth analysis of exploits.
• Stay abreast of the threat landscape through open sources and observed activity.
• Develop and document Tier 1 and Tier 2 Analyst activities and workflows.
• Analyze detected events to understand attack targets and methods.
• Monitor information systems and assets at discrete intervals to identify cyber security threats and events and verify the effectiveness of protective measures.
• Monitor the network, personnel, external service providers, and the company’s physical environment to detect potential cyber security events.
• Monitor systems to detect malicious and unauthorized mobile code.
• Monitor environments for unauthorized personnel, connections, devices, and software.
• Establish and assist in the testing of the Business Continuity and Disaster Recovery plan to include:
o Assist with the execution of recovery processes and procedures to ensure timely restoration of systems or assets affected by cyber security events.
o Assist with the execution (led by the IT Manager) of the recovery plan and document the event.
o Assist with restoration activities with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems and management teams during recovery operations.
o Assist in improving recovery planning and processes by incorporating lessons learned into future activities and associated strategies.
• Maintain and test the Incident response plan to include:
o Develop, maintain, and execute response processes and procedures to ensure timely response to detected cyber security events.
o Test and continually improve detection processes and communicate detection information to senior leadership.
o Categorize incidents consistent with response plans.
o Educate and train personnel on their role and order of operations when a response is needed.
o Report events following internal and external requirements.
o Share information consistent with incident response plan and coordinate stakeholders as necessary.
o Promote situational threat awareness by executing voluntary information exchanges with key stakeholders.
o Conduct analysis to ensure adequate response and support recovery activities.
o Investigate notifications from detection systems and assess the impact of incidents.
o Perform mitigation activities to prevent expansion of an event, mitigate its effects, and eradicate the incident.
o Improve organizational activities and readiness by incorporating lessons learned from current and previous detection/response activities.

Additional Duties May Include:

• Document and train new and existing Tier 1 and 2 analysts.
• Document and/or mitigate newly identified vulnerabilities.
• Supervise security operations center with company and third-party resources to provide continuous capability for security monitoring, detection, incident response, and recovery.
• Manage systems and processes to detect anomalies and events in a timely manner and ensure the potential impact of events is understood by all stakeholders.
• Develop a deep understanding of operational risks that drive appropriate response protocols that minimize company impact.
• Influence and improve existing processes through innovation and operational change.
• Apply knowledge of information assurance policy, procedures, and workforce structure to implement secure networking, computing, and enclave environments.
• Write authorization and accreditation documentation (and associated policies and procedures) ensuring systems are operated and maintained in accordance with these security plans.
• Support the configuration control board planning, assessment, risk analysis, and risk management.
• Interface with the user community to understand their security needs and assist with the implementation procedures to accommodate them.
• Ensure that the user community understands and adheres to necessary policies and procedures in order to maintain security.

Required Skills

• Must possess the following soft-skills:
o Strong technical writing, documentation, and communication skills necessary to create and present findings to C-level management
o Team player
o Positive attitude and temperament to accept and learn from criticism
• Experience using Splunk and other Security Information and Event Management (SIEM) tools.
• Must be able to take the actions necessary to protect the company from an ongoing or imminent existential cyber threat.
• Must have working knowledge of tactics, techniques, and procedures for log analysis.

Skills, Experience & Qualifications:
• Bachelor’s degree in Computer Science.
• 6-10 years of Security Analysis experience working in a complex environment
• Perform analysis of security logs in an attempt to detect unauthorized/malicious activity
• Understand cyber-attack methods such as SQL Injection and Cross Site Scripting attacks (XSS)
• Strong analytical problem-solving skills, methodical approach to data analysis and a keen ability to identify threat activity, strong Incident investigation and analysis skills
• Document and contain security incidents detected on the network
• Ability to provide support off-hours as CIRT activity requires
• Ability to convert understanding of cyber-attack methodologies into innovative 0-day detection capabilities
• Establish strong working relationship with security vendors and internal peers to continually improve detection capabilities
• Use vulnerability assessment data to pinpoint potential points of attack
• Possess a comprehensive understanding of a variety of network protocols including TCP/IP, UDP, DHCP, FTP, SFTP, ATM, SNMP, SMTP, SSH, SSL, VPN, RDP, HTTP and HTTPS
• Utilize network sniffer tools to perform packet analysis
• Hands-on experience with IDS/IPS, SIEM, and web filtering solutions, specifically analyzing, crafting and tuning detection techniques
• Hands-on experience with APT/DPI technologies
• Knowledge of digital forensic and static malware analysis
• Understand and execute incident response process when a security incident has been declared
• Strong understanding of vulnerability assessment and management
• Research external trusted intelligence sources and leverage knowledge to detect events of interest
• Experience using vulnerability assessment and penetration testing tools is required

Desired Skills

Vendor certifications in the security field are a plus.

Physical Demands and Working Conditions:
Normal office setting, therefore the noise level in the work environment is usually moderate. Work is generally sedentary in nature, but may require standing and walking. Use of hands to operate computer equipment. Frequent near vision use for reading and computer use.

EOE M/F/D/V
Polaris Alpha is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, disability status, or any other characteristic protected by law. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.
