We have an immediate long-term opportunity with one of our prime clients for the position of Cyber Security Engineer - Illumio/Microsegmentation, working on a remote basis.
Must Have:
- Illumio or another microsegmentation solution (either is acceptable).
- Splunk
Basic Purpose
The company is seeking a Senior Cyber Security Microsegmentation Engineer to implement current technology and strategies and ensure the cybersecurity posture of its systems is effective and scalable across the organization. This technical lead position will also provide cybersecurity engineering support to research, evaluate, design, implement, and maintain system and product solutions, applying zero trust engineering principles to the microsegmentation vendor solution. The role provides technical direction and engineering support for projects and cyber security infrastructure, and develops and maintains expert functional knowledge of evolving IT engineering technologies, competing products, concepts, and trends. The engineer operates as the technical lead for the design, planning, implementation, and roll-out of the microsegmentation solution across the enterprise to all in-scope workloads, and provides oversight and support in the design, configuration, management, and implementation of hybrid network environments, including Azure cloud containers and workloads, on-premises data centers, firewalls, ISE, LAN, SD-WAN, etc.
Responsibilities
- Lead, conduct, and coordinate daily microsegmentation activities as part of the Enterprise Security Services (ESS) team that designs, deploys, configures, protects, and manages the microsegmentation security services for the organization's global security infrastructure.
- Develop application dependency mapping (ADM) prior to deploying and configuring least privilege enforcement policies to restrict traffic flow between applications and various environments.
- Operate and manage workloads in both the on-prem and cloud environments, which may include: Microsoft Windows Servers, Red Hat Enterprise Linux, AIX, Kubernetes.
- Serve as the enterprise microsegmentation SME and point of escalation for numerous internal teams related to service interruptions, security issues, and incidents.
- Research relevant threat actors, attack vectors, and behaviors pertinent to the financial services sector. Ensure threat mitigations from the microsegmentation perspective are properly configured and tuned to defend against lateral movements and data exfiltration at a minimum.
- Lead all aspects of microsegmentation from deployment to operationalization, which may include analyzing application data flows, creating rulesets, reviewing business requirements, management, documentation, automation, and technical support.
- Interface with the relevant Operating System Teams and Application Owners and Custodians to schedule and install patches, upgrades, and security fixes to the workload agents.
- Provide analysis, reporting, and recommendations on performance and capacity, automation, and monitoring and alerting efforts as related to microsegmentation.
- Interface with solution vendors to test and evaluate new product enhancements and versions.
- Conduct intrusion event analysis and support the Cyber Security Operation Center (CSOC) Incident Response Management and Focused Operation teams as needed when cases are escalated.
- Work with the CSOC and provide scripting and automation support utilizing PowerShell, Bash, Python, and APIs.
- Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity.
- On-call availability for network-impacting or network outage situations outside of business hours. In addition, participate in the 24x7 on-call rotation one week per month, which includes non-microsegmentation support managed by the ESS team.
- Develop and maintain associated microsegmentation documentation, playbooks, and Standard Operating Procedures (SOP) for the team to ensure our methodology is up-to-date and evolves over time.
- Provide operational requirements and recommendations to the Security Architects for service enhancements and system improvements.
- Provide mentoring to less experienced team members.
- Must be self-motivated and self-educating, yet willing and able to work collaboratively.
- Perform additional tasks in support of the ESS team outside of the microsegmentation role as required.
- Actively manage the vendor relationship for critical information (e.g., alerts, notices, patches, and upgrades).
- Demonstrate strong written, oral, and presentation skills, with the ability to explain highly technical concepts to all audiences, from non-technical staff to executive-level technical decision-makers.
- Ensure that all identified events are promptly validated and thoroughly investigated.
- Listen to and collaborate with audiences ranging from IT administrators to executive-level stakeholders to understand their requirements and position our tools to fulfill those requirements.
- Participate in proof of concepts and other technical evaluations of technologies, designs and solutions and provide recommendations.
- Collaborate with programs and engineering teams regarding cybersecurity solutions and alternatives to those solutions.
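The two responsibilities above that carry a technique are building an application dependency map (ADM) from observed traffic and then turning it into least-privilege rules that are enforced default-deny. The following Python is an added illustration written for this page, not code from the posting, from Illumio, or from any other vendor: the label model (app/env/role), the workload inventory, and the flow records are all constructed sample data, and the rule-derivation thresholds are assumptions. It shows why ADM comes first: without the aggregated map, a one-off SSH session, a dev-to-prod connection, and a cross-application query would all look like "traffic that exists" and could be mistaken for dependencies that deserve an allow rule.

```python
"""
Added example (not part of the job posting, not Illumio's or any vendor's code):
derive least-privilege allow rules from observed flows (a simplified application
dependency map) and evaluate candidate flows against them with default deny.
All workloads, labels, ports and flow counts below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass

# Simplified label model (assumption for illustration): each managed workload
# carries app / env / role labels. Real products expose more dimensions.
WORKLOADS = {
    "10.10.1.10": {"app": "payments", "env": "prod", "role": "web"},
    "10.10.1.11": {"app": "payments", "env": "prod", "role": "web"},
    "10.10.2.20": {"app": "payments", "env": "prod", "role": "db"},
    "10.20.1.10": {"app": "payments", "env": "dev",  "role": "web"},
    "10.30.5.5":  {"app": "hr",       "env": "prod", "role": "app"},
}

# Constructed flow records in the shape an agent telemetry export might use:
# (src_ip, dst_ip, dst_port, proto, connection_count)
OBSERVED_FLOWS = [
    ("10.10.1.10", "10.10.2.20", 5432, "tcp", 1200),
    ("10.10.1.11", "10.10.2.20", 5432, "tcp", 980),
    ("10.10.1.10", "10.10.2.20", 22,   "tcp", 1),    # one-off SSH web -> db: noise/suspicious
    ("10.20.1.10", "10.10.2.20", 5432, "tcp", 3),    # dev -> prod DB: cross-environment
    ("10.30.5.5",  "10.10.2.20", 5432, "tcp", 40),   # HR app -> payments DB: cross-application
    ("10.10.1.10", "8.8.8.8",    53,   "udp", 500),  # egress to an unmanaged endpoint
]


@dataclass(frozen=True)
class Rule:
    src: tuple   # (app, env, role) of the consumer
    dst: tuple   # (app, env, role) of the provider
    port: int
    proto: str


def labels_of(ip):
    """Resolve an IP to its label tuple, or None for unmanaged endpoints."""
    w = WORKLOADS.get(ip)
    return (w["app"], w["env"], w["role"]) if w else None


def build_adm(flows):
    """Aggregate raw flows to label-pair level: the application dependency map."""
    adm = defaultdict(int)
    for src, dst, port, proto, count in flows:
        s, d = labels_of(src), labels_of(dst)
        if s is None or d is None:
            continue  # unmanaged endpoint: belongs to a separate egress policy
        adm[(s, d, port, proto)] += count
    return dict(adm)


def derive_rules(adm, min_count=10, same_env=True, same_app=True):
    """Turn ADM entries into allow rules, dropping noise and cross-boundary flows.

    min_count filters one-off connections; same_env blocks dev->prod style
    flows; same_app keeps cross-application access out unless explicitly
    reviewed (relax it to see such flows surface for review).
    """
    rules = set()
    for (s, d, port, proto), count in adm.items():
        if count < min_count:
            continue
        if same_env and s[1] != d[1]:
            continue
        if same_app and s[0] != d[0]:
            continue
        rules.add(Rule(s, d, port, proto))
    return rules


def evaluate(rules, src_ip, dst_ip, port, proto):
    """Default deny: allow only if a rule covers this label pair and service."""
    s, d = labels_of(src_ip), labels_of(dst_ip)
    if s is None or d is None:
        return "deny"
    return "allow" if Rule(s, d, port, proto) in rules else "deny"


if __name__ == "__main__":
    adm = build_adm(OBSERVED_FLOWS)
    rules = derive_rules(adm)
    for r in sorted(rules, key=str):
        print(f"ALLOW {r.src} -> {r.dst} {r.proto}/{r.port}")
    for src, dst, port, proto, _ in OBSERVED_FLOWS:
        print(f"{src} -> {dst} {proto}/{port}: {evaluate(rules, src, dst, port, proto)}")
```

With the constructed data the map collapses two thousand web-to-database connections into a single label-level rule, and the remaining four flows are denied for four different reasons (too rare, cross-environment, cross-application, unmanaged destination). Running `derive_rules(adm, same_app=False)` surfaces the HR-to-payments dependency as a second candidate rule, which is the point at which an application owner should be asked whether it is legitimate before it is enforced.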
Qualifications
- Bachelor's Degree with a major in Information Technology, Computer Science/Computer Engineering, Engineering, Science or a related field.
- Minimum of 10 years of experience in network technology, firewall, and/or information security in a large enterprise environment.
- 5+ years of extensive experience with one or more of the following microsegmentation solutions: Illumio Core (preferred), Cisco Secure Workload (CSW, formerly Tetration), Akamai Guardicore, or network- or host-based firewall solutions.
- Experienced information security engineer and/or security analyst who is goal-oriented and strives to exceed expectations.
- Strong proficiency with network protocols (TCP/UDP), CIDR notation, and RFC 1918 private address ranges.
- Experience with Windows server/Linux/AIX operating systems, Active Directory, ADFS, and Group Policy
- Experience with PowerShell and other scripting tools
- Strong troubleshooting skills using proactive and reactive methodologies
- Ability to work under pressure and adapt to quickly changing priorities in a fast-paced technology environment.
- Ability to work within a professional team, provide cooperation and information sharing, and possess interpersonal skills to work with a diverse population with a variety of skillsets
- Excellent communication and organizational skills, and the ability to stay focused on completing tasks and meeting goals within a busy workspace.
- Ability to work independently, manage time and competing priorities, own and complete tasks with minimal supervision
- Willingness to flex working hours to support critical high priority operational incidents.
- Strong working knowledge of Illumio Core and/or Cisco Secure Workload (formerly Tetration).
- Strong understanding of attacker activities such as network reconnaissance (probing/scanning), DDoS, malicious code activity, remote code execution exploits, etc.
- Extensive knowledge of network, endpoint, and threat intelligence, as well as the functioning of specific applications and the underlying IT infrastructure, with experience in SIEM technologies (e.g., Splunk), EPP, EDR, and AV solutions.
- Strong Proficiency with packet analysis/Wireshark.
- Strong awareness of networking and internet protocols, including TCP/IP, subnets, DNS, SMTP, VPN, HTTP and distributed networks.
- Scripting experience would be a plus (e.g., Python, Bash, PowerShell).
- Experience with threat analysis, triage, and mitigation.
- Experience with security logging and monitoring (SIEM) products such as Splunk.
- Excellent spoken, written communication, and presentation skills are essential.