CareFirst Careers

Lead IT Security Intrusion Analyst

Resp & Qualifications

The Lead IT Security Intrusion Analyst is responsible for  analizing various alerts and alarms within the CyberSecurity Infrastructure.  This position is also responsible for review and appropriate disposition of security tickets generated from the enterprise.  The incumbent will monitor data from various sources including, firewalls, intrusion prevention systems and other security infrastructure components.  The incumbent will research security events to determine severity and perform incident triage as necessary, while engaging appropriate CSIRT members to resolve the security incident.
 

Duties And Responsibilities

  • Analyze security event data from multiple sources to identify potentially malicious behavior within the environment.
  • Triage (determine scope, severity and priority) of offenses and events in Security Information and Event Management (SIEM) tool or within other security monitoring tools directly.
  • Serve as a Tier II escalation point for security events.
  • Develop automation between security monitoring tools to reduce the time to prevent.
  • Research vulnerabilities in applications and systems.  Provide recommendations for resolution and track remediation activities.
  • Respond to incident tickets within the specified period of time.
  • Prepare and monitor reports on the security posture of the organization.

Additional skils, experience and ablilites listed below would be nice to see....

  • Hands-on experience with Sourcefire/Cisco IPS, Snort, Suricata or similar
  • Ability to write IPS signatures for Sourcefire/Snort IPS
  • Thorough  understanding of networking at the packet level
  • Familiarity with Wireshark/Tshark, tcpdump, and BPF filters
  • Understanding of binary protocols such as DCE/RPC
  • Understanding of anomaly-based detection schemes
  • Experience with advanced malware defenses (FireEye, FireAMP, etc.)
  • Knowledge of common languages used in exploit kits and malware delivery systems (i.e., javascript)
  • OSINT collection and analysis
  • Familiarity with one or more popular scripting languages (Perl, Python, Ruby, PowerShell.)  Preferrably Python.
  • Familiarity with Bro NSM or similar
  • Knowledge of standard incident response frameworks
  • Vulnerability triage and assessment
  • Basic/intermediate level malware reverse engineering (binaries, malicious documents, etc.)
  • Exploit development experience
  • Write complex queries and triggers for QRadar, Sourcefire/Cisco (correlation rules), etc. in order to automate alerting
  • Experience deploying, maintaining and monitoring honeypots and honeynets
  • Active defense and cyber deception
  • Understanding of APT attack patterns and methodologies
  • Familiarity with QRadar, Splunk or other SEIM
  • Experience with database security such as Guardium, Imperva or native Oracle tools.
  • Familiarity with commercial Network-Based Anomaly Detection systems (Stealthwatch, etc)
  • Familiarity with advanced malware protection (FireEye, FireAMP, etc.)
  • Tune and configure sensor policies
  • OSINT collection and analysis

BASIC QUALIFICATIONS: 

  • Degree or equivalent experience: BA/BS or higher in CyberSecurity, Information Technology, Networking, Computer Science, MIS or related field
  • A minimum 5 years of demonstrated work experience in Information Security.  (Additional experience may be substituted for educational requirement.)
  • Specialized training (preferred, but not required in Security Information and Event Management platforms such as ArcSight, QRadar or Nitro. 
  • Commercial or Open Source Intrusion Prevention Systems. Malware analysis tool.  Linux or Unix administration. Forensic analysis and Penetration Testing.
  • Incumbent must have a firm understanding of Information and/or Cyber Security principles.  The incumbent must also be able to achieve certification across multiple domains such as networking, security, development languages, etc.

PREFERRED QUALIFICATIONS:

  • GCIA (GIAC Certified Intrusion Analyst), GCIH (GIAC Certified Incident Handler)
  • GPEN (GIAC Certified Penetration Tester)
  • OSCP (Offensive Security Certified Professional)
  • CISSP (Certified Information Systems Security Professional)
  • Fornesic certifications highly desirable

 

#LI-JL1

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply: www.carefirst.com/careers

Closing Date

Please apply before: 12/9/2020

Federal Disc/Physical Demand

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.

PHYSICAL DEMANDS:

The associate is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The associate must frequently talk and hear.  Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship

Learn more about Information Technology