Polaris Alpha develops innovative solutions to the most significant challenges affecting our Nation's ability to collect, utilize, and defend digital information. We’re passionate about developing cutting-edge, creative solutions and fostering a highly sought-after place of employment for many of the brightest minds in the industry. We are the best because we hire the best. At Polaris Alpha, we have developed a culture of going above and beyond the normal expectations in the delivery of our work. Our clients and employees are the number one reason why we’re successful, and that formula won’t be changing!
The Senior Information Security Engineer is part of a team of Security Analysts and Engineers that supports watch operations. The analyst will participate in an on-call rotation to provide leadership support after hours and on weekends when necessary. The position requires the monitoring of events that have the potential to compromise the safety and security of the enterprise, offices, data centers, and other corporate locations.
This individual will provide support to professional associates during business disruptions and will manage the escalation and communication to both Corporate Support and BU leadership. Additionally, the analyst will assist the cross-organizational crisis management team in situations when the Security Vulnerability Engagement Process (SVEP) is enacted.
The Senior Information Security Engineer will be responsible for monitoring and analyzing network traffic and security event data, responding in a timely and appropriate manner to security events or incidents, and assessing the severity of the risk and impact to the production environment. This role will investigate intrusion attempts and perform in-depth analysis of exploits. This individual must also be flexible and able to collaborate well with other staff in discussing production-impacting issues, reviewing relevant security event logs, and escalating significant items as appropriate.
• Provide first responder forensics analysis and investigation of Severity 1 security incidents.
• Provide forensics analysis and investigation of Severity 2 to Severity 3 security incidents through escalation from Tier 2 Analysts.
• Work with Tier 2 Analysts to communicate findings during investigation for documentation and escalation.
• The Senior Information Security Engineer will drive the containment strategy during data loss or breach events including:
o Triage and resolve advanced attacks such as botnets and advanced persistent malware.
o Work directly with data asset owners and business response plan owners during high severity incidents.
o Determine the impact of events and recommend incident alert thresholds.
o Aggregate and correlate event data from multiple sources and sensors.
• Review aggregated threat feed data from Tier 2 Analysts to determine the countermeasure tuning required or the vulnerabilities to be remediated outside of the Risk/IT process.
• Review vulnerability scans for high-severity vulnerabilities, prioritize the remediation actions required of asset owners, and feed results to Tier 2 Analysts for ticketing and tracking.
• Provide policy tuning recommendations for security control tools to tool administrators based on findings during investigations or threat information reviews.
• Provide tuning recommendations for the IDS, proxy policy, and in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits of downstream systems.
• Issue documentation and proactively contact customers when an issue is resolved to ensure the service provided met or exceeded customer expectations.
• Review weekly security incident metrics.
• Identify trends in security incidents for security problem identification, control deficiencies, and gaps in countermeasure capabilities, and publish findings monthly for operational reviews.
• Monitor and analyze network and security event data from a variety of sources to identify internal security events based on internal and common intelligence sources.
• Investigate intrusion attempts and perform in-depth analysis of exploits.
• Stay abreast of the threat landscape through open sources and observed activity.
• Develop and document Tier 1 and Tier 2 Analyst activities and workflows.
• Analyze detected events to understand attack targets and methods.
• Monitor information systems and assets at discrete intervals to identify cyber security threats and events and verify the effectiveness of protective measures.
• Monitor the network, personnel, external service providers, and the company’s physical environment to detect potential cyber security events.
• Monitor systems to detect malicious and unauthorized mobile code.
• Monitor environments for unauthorized personnel, connections, devices, and software.
• Establish and assist in the testing of the Business Continuity and Disaster Recovery plan to include:
o Assist with the execution of recovery processes and procedures to ensure timely restoration of systems or assets affected by cyber security events.
o Assist with the execution (led by the IT Manager) of the recovery plan and document the event.
o Assist with restoration activities with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems and management teams during recovery operations.
o Assist in improving recovery planning and processes by incorporating lessons learned into future activities and associated strategies.
• Maintain and test the Incident response plan to include:
o Develop, maintain, and execute response processes and procedures to ensure timely response to detected cyber security events.
o Test and continually improve detection processes and communicate detection information to senior leadership.
o Categorize incidents consistent with response plans.
o Educate and train personnel on their role and order of operations when a response is needed.
o Report events following internal and external requirements.
o Share information consistent with incident response plan and coordinate stakeholders as necessary.
o Promote situational threat awareness by executing voluntary information exchanges with key stakeholders.
o Conduct analysis to ensure adequate response and support recovery activities.
o Investigate notifications from detection systems and assess the impact of the incident.
o Perform mitigation activities to prevent expansion of an event, mitigate its effects, and eradicate the incident.
o Improve organizational activities and readiness by incorporating lessons learned from current and previous detection/response activities.
Additional Duties May Include:
• Document and train new and existing Tier 1 and 2 analysts.
• Document and/or mitigate newly identified vulnerabilities.
• Supervise security operations center with company and third-party resources to provide continuous capability for security monitoring, detection, incident response, and recovery.
• Manage systems and processes to detect anomalies and events in a timely manner and ensure the potential impact of events is understood by all stakeholders.
• Develop a deep understanding of operational risks that drive appropriate response protocols that minimize company impact.
• Influence and improve existing processes through innovation and operational change.
• Apply knowledge of information assurance policy, procedures, and workforce structure to implement secure networking, computing, and enclave environments.
• Write authorization and accreditation documentation (and associated policies and procedures) ensuring systems are operated and maintained in accordance with these security plans.
• Support configuration control board planning, assessment, risk analysis, and risk management.
• Interface with the user community to understand their security needs and assist with the implementation procedures to accommodate them.
• Ensure that the user community understands and adheres to necessary policies and procedures in order to maintain security.