SIRT

As an Enterprise Security Architect you will join a growing organization to lead a modern enterprise security program. In this role the Architect will have responsibility for identifying, defining, developing, leading security technology strategy across a broad portfolio of IAM, Cloud, End Point, Network, Web security and related technology systems, and the assessment of new and emerging identity technologies at the very large enterprise scale.

As a senior member of the team you will engage and partner with senior leaders across the organization leveraging your extensive background in (managing / delivering / implementing / architecting) security technology combined with expertise in organizational and cross-functional communication to develop strategy, influence roadmaps, solution adoption, champion strategic opportunities / execution plans with the aim to improve security capabilities, reduce risk and position forward looking identity governance and security enhancements

• Responsible for defining an architectural vision and architecture for large complex solutions, which aligns with the enterprise architecture strategy, technology and platform choices

• Describes the solution intent and the associated operating environment, determining the primary systems/subsystems and their interfaces, defining non-functional requirements and architectural runway to support new epics/features and expand into new opportunities

• Ensures the solution is fit for purpose and use by working with stakeholders, vendors/service providers, and evaluating the impact of strategic design decisions

• Contributes to best practices, standard templates, and the architecture roadmap for defined domains.

• Creates endpoint/host, workplace productivity security reference architecture and design patterns for reusability.

• Contributes in the creation of the architecture roadmap of defined domains (Business, Application, Data and Technology) in support of the product roadmap

• Contributes to the development of best practices including standardized templates

• Works across business and technology to create the solution intent and architectural vision for large complex solutions and evolves it based on an emerging backlog

• Works with Product Manager/Owner to plan and prioritize technology focused backlog items for the architecture runway to enable business epics/features and expand into new opportunities

• Clarifies the architecture for the development teams to support implementation, and provides solution options to resolve any architectural impediments

• Performs design and code reviews to ensure all non-functional requirements for a solution are sufficiently met (e.g. security, performance, maintainability, scalability, usability, and reliability)

• The platform security architect must interpret business, technology and threat drivers, and develop practical security roadmaps to deal with these drivers.

• Develop blueprints and procedures to effectively secure company data against accidental or unauthorized modification, destruction or disclosure.

• Create and define the security architectures and roadmaps encompassing cloud architecture, access management, and monitoring.

• Design and develop data security architectures for cloud and cloud/hybrid-based systems.

• Align architectural design technical controls and solutions to industry best practices and guidelines (e.g., NIST CSF, CSA, CIS, OWASP)

What are we looking for?

We want strong collaborators who can deliver a world-class client experience. We are looking for people who thrive in a fast-paced environment, are client-focused, team oriented, and are able to execute in a way that encourages creativity and continuous improvement.

Requirements:

• 10+ years of hands-on experience with scoping, sizing, designing, architecting & building IAM solutions across various technologies, or demonstrated ability to meet job requirements through comparable work experience.

• Expert level knowledge of authentication/authorization standards, protocols, and frameworks such as FIDO, OpenID, SAML, OAuth, JWT, CA, X.509, MTLS, etc.

• Technical expertise and experience with Microsoft MFA, SailPoint, CyberArk, ForgeRock, Okta, Ping, Active Directory, Azure Active Directory, AWS, Google Cloud Platform, Microsoft Azure, and IDM integration across domains

• Solid understanding of Cloud concepts and hands on knowledge on Azure/AD or other cloud identity environments.

• Experience designing and implementing security services and tools applied to GCP, Azure and AWS

• Expertise with Data Loss Prevention and CASB strategies and solutions supporting security of critical SaaS solutions such as Office 365, etc.

• Experience with Hybrid cloud architectures and designs

• Must have experience with Internet Application Hosting architectures, best practices and related technologies to effectively protect externally facing applications

• Experience with DevSecOps process, Container technologies (Docker, Kubernetes), API Gateways, and other common web application technologies is preferred

• Strong knowledge of enterprise security concepts/frameworks and products, secure design principles and best practices

• Strong verbal and writing skills to develop technical documentation and presentations

• Experience in leading technical architecture and security design discussions

• Experience managing multiple multi-level stakeholder relationships

• Bachelors in Computer Science, Computer Engineering or related field

“Such other task that Company may assign you time to time”.

A malware analyst examines malicious software, such as bots, worms, and trojans to understand the nature of their threat. This task usually involves reverse-engineering the compiled executable and examining how the program interacts with its environment. The analyst may be asked to document the specimen's attack capabilities, understand its propagation characteristics, and define signatures for detecting its presence. A malware analyst is sometimes called a reverse engineer.

Security product companies, in industries such as anti-virus or network intrusion prevention, may hire malware analysts to develop ways of blocking malicious code. Large organizations in non-security industries may also hire full-time malware analysts to help protect their environment from attacks, or to respond to incidents that involve malicious software. Malware analysis skills are also valued by companies that cannot justify hiring full-time people to perform this work, but who wish their security or IT administrators to be able to examine malicious software when the need arises.

1.Triage of security alerts that includes but not limited to malware, denial of service, unauthorized access, etc.

2. Conduct incident investigations on SIEM tools.

3. Perform threat hunting on networks to detect and isolate threats.

4. Knowledge of various security methodologies and processes, and technical security solutions (firewall, packet analysis, SIEM and intrusion detection systems)

5. Continuous optimization, tuning and monitoring of SIEM solution

6. Hands on experience around administrating and threat hunting on EDR, XDR, DLP and SIEM tools.

7. Ability to analyze endpoint, network, and application logs

8. Identify false positives, analyse reported spam, phishing, and suspicious emails and understanding of email security concepts: SPF, DMARC, DKIM

9. Immediate Joiners

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.
Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

F5 is looking for a Sr. Security Engineer with experience in building, integrating, operating, and maintaining robust security monitoring and auditing systems. F5’s Edge 2.0 platform provides global, scalable, and secure way to deploy applications. In this position, you will build and maintain monitoring and audit systems across the platform that provide necessary visibility and alerts to effectively defend the platform.

Responsibilities:

• Collaborate with software architects, security defenders, Operations, SRE, compliance experts, and business leaders to understand the logical boundaries of the systems and identify the events to monitor, audits to maintain, alerts to tweak, as well as systems to integrate with
• You will continuously hunt for areas and metrics to be added into monitoring systems for better operational visibility, incident response capability, availability, and forensics capability of the overall platform
• You will participate in the definition of processes around change and inventory management and develop solutions to audit the changes
• You will work with other teams within security organization to define communication and alerting protocols for effective and timely actions
• You will participate in defining and executing the Incident Response Plan for the platform and be responsible for providing necessary information during the response and forensics
• Demonstrate technical leadership in multiple domain areas, providing mentorship to other team members

Minimum qualifications:

• BS degree in Computer Science or equivalent with 5+ years of security operation and monitoring experience
• Experience with logging, monitoring, SIEM, dashboarding tools like AWS GuardDuty, Sumo, Grafana, SolarWinds, DataDog, Splunk, etc.
• Working knowledge of at least one Cloud Computing platform (e.g. Amazon AWS, Microsoft Azure, Google Compute etc.)
• Good understanding of how to handle logs from various systems, integrate with systems handling logs and metrics, how to setup and tune alerts based on thresholds and policies
• Hands on experience with computer programming languages and/or scripting languages such as Python, Java, Shell
• Good understanding of complexities and security challenges in large-scale distributed systems
• Working knowledge of Cloud orchestration systems such as Kubernetes, Openstack etc.
• Self-motivated and willing to delve into new areas and take on new challenges in an enthusiastic manner
• Excellent written and verbal communication skills
• Strong interpersonal, team building, and mentoring skills

Job Description

Cyber Threat Intelligence & Threat Hunting - Subject Matter Expert (B3-2)

Responsibilities:

Perform threat research, create actionable threat advisories, and derive hunting queries based on the evolving threat vectors.

Understand APT groups, Conduct deep dive technical analysis of cyber-attack tools, tactics, and procedures. Create hypothesis and perform active threat hunting.

Minimum Requirements:

10+ years of overall experience, 7+ years of experience in cyber threat intelligence, malware analysis (Reverse engineering)

Hands-on experience with writing threat hunting hypothesis & active threat hunting

Experience with YARA rule and OpenIOC signature creation.

Experience with multi-tiered mission-critical systems.

Experience in opensource sandbox and honeypots.

Preferred Certification

GIAC Cyber Threat Intelligence (GCTI)

C| TIA (Certified Threat Intelligence Analyst)

CCTIA by the NICCS

• Assist the Manager with the planning, analysis, development of framework and deployment of CTVM program.
• Assist in continuous day-to-day operations of CTVMprogramincluding managing external CTVM service providers and scoping, scheduling, scanning, prioritizing and remediating IT vulnerabilities
• Assist in maintaining a current and comprehensive inventory of all IT hardware and software within the IT environment, including cloud.
• Assist in ensuring periodic static application security testing (SAST), dynamic application security testing (DAST) or any form of application security testing is conducted.
• Assist the Manager in maintaining current cyber threat model 
•  Assist in identifying dependencies and timelines required to address vulnerabilities, including system patching, deployment of specialized controls, code or infrastructure changes, and changes in build engineering processes
• Assist in the development of policies, procedures and standard operating models for the CTVM program.
• Assist in tracking key performance indicators (KPIs) and key risk indicators (KRIs).
• Assist in data collection and maintenance of technical and management cyber security dashboard.
• Assist in the preparation of periodic reporting to management on the outcomes of the CTVM program.
• Provide technical advisory services to our stakeholders to ensure an enterprise-wide resilient IT environment with regard to cyber security.

The Incident Response Senior Principal Analyst leads a team of experts with diverse skill sets across areas such as Security Operations Center (SOC), Forensics, and other applicable technical Subject Matter Expert (SME) resources. The IR Senior Principal Analyst is specifically tasked with managing all aspects of an Incident Response engagement to include incident validation, monitoring, containment, log analysis, system forensic analysis, and reporting. The IR Senior Principal Analyst is also responsible for developing and sustaining strong relationships with our clients, and client’s counsel to ensure the engagement’s objectives and expectations are met and executed successfully as documented in the statement of work. The incumbent of this role should display a strong foundation of technical expertise in Cybersecurity, Incident Response, and Digital Forensics to successfully execute the responsibilities associated with this role.  

ROLES AND RESPONSIBILITIES

• Supports the management of the technical aspects from client setup and kickoff to supporting the reporting process.
• Co-leads project scoping calls to accurately collect information from the client concerning the incident to include but not be limited to the client’s environment, size, technology, and security threats. Responsible for capturing all client’s expectations and objectives throughout the engagement to ensure successful engagement delivery.
• Organize and maintain an inventory of requests sent to the client to include at a minimum public IP ranges, requested information (including systems for collection), collected logs, systems Skadi or full systems, and any other requested made of the client by Arete or counsel.
• Works directly with the client and other Arete team members to preserve and collect artifacts for forensic analysis.
• Engages in communications with the TA for negotiation and recovery of decryption keys or manages the ransomware specialist team.
• Ensures deadlines are met and timely update meetings are established with client and counsel.
• Responsible for quality control over the budget of engagement and proactively identifying the need for addendums for engagements. Discusses with counsel before provided addendum.
• The main point of contact who manages and participates in all communications with the client and client’s counsel during the engagement. Assists with the development of communications.
• Supports the management and coordination of all technical efforts for the IR engagement to drive the process forward through; tool deployment, ransomware decryption, restoration, and recovery efforts, system rebuilds, system, application, and network administration tasks. 
• Coordinates with the Ransom Specialist when ransom negotiations are needed. Ensures updates regarding ransom status are delivered to the client and counsel in a timely fashion.
• Manages and coordinates the onsite efforts with the Onsite Lead or team ensuring they understand and can execute the objectives for the onsite work. Additional responsibilities with onsite efforts include ensuring communications are frequent and getting the daily onsite update communicating these back to the IR Director and/or IR Ops Associate for their Tiger Team.
• Co-manages restoration team when engaged with the client for recovery of systems, data collection, and SentinelOne (S1) deployment.
• Partners with the Forensic Lead to coordinate additional data collection requests pertinent to the investigation.
• Communicates in tandem with the Forensic Lead relevant findings to the client during the investigation.
• Designs and executes a strategy to install S1 and live response data within the SLAs set by Arete.
• Manage the SOC for accurate reporting of S1 metrics from threats to checked-in systems based on the need from the client.
• Follows up with the SOC Lead on SentinelOne alerts and encourages/coordinates client participation with the product. 
• Organizes the updates for client and counsel and acts as the "quarterback" for leading update calls when prompted by counsel; maintains an organized and methodical approach for providing updates from negotiations, system restoration, data collection forensics, and closeout. Accountable for final report review, ensuring the report is accurate, professional, and meets the objective of client counsel.
• Can troubleshoot instability issues within infected operating systems and stabilize the system for continued recovery.
• Cross trains across the IR services within SOC, IR Lead, Forensics, and Restoration.
• Supports peers and IR Directors within the engagement lifecycle. Familiarizes oneself with the negotiation tactics and communications with threat actors.

• Other duties as assigned.

DISCLAIMER

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required personnel so classified. 

SKILLS AND KNOWLEDGE

1. Experience delivering consulting engagements in a fast-paced environment
2. Experience leading scoping calls
3. Strong background and practical hands-on experience with Windows or Linux System and Network Administration, Security DevOps, Incident Response and Digital Forensics, or Security Engineering
4. Practical experience performing in a functional role including but not limited to one or more of the following disciplines: computer forensics, Incident Response, data analytics, Security Operations, and Engineering, Digital Investigations
5. Knowledgeable of collection methodologies and tools.
6. Comfortable working within various OS including Windows, Linux, and OSX
7. Organized communications and notes
8. Communicates clearly and concisely
9. Generally knowledgeable of the multiple services that comprise an IR investigation
10. In-depth knowledge of the ransom negotiation process and details it accordingly to clients

Responsibilities:

The Senior Information Security Engineer is responsible for the implementation, execution and maintenance of technology solutions to mitigate risk, to protect the IT and Engineering environments by reducing the probability of, and to minimize the effects of, damage caused by malware, malicious activities and security events.

The individual will help protect the company by deploying, tuning, and managing security tools across the computing environment, as well as provide security incident response cycle support. They should have a passion and skills for identifying the latest cyber threats. The individual will:

Basic Qualifications

• Working knowledge of infrastructure-as-code and CI/CD pipelines tools (i.e. Jenkins, Teamcity, CircleCI etc..)
• Lead and participate in major day-to-day operational aspects of the security engineering team including improvement of current security controls while constantly identifying areas of needed improvement
• Deep hands-on security experience with cloud providers, such as AWS, GCP, Azure
• Understanding of automated security testing approaches and tools
• Experience with proactive integration of security into the development process
• Lead continuous improvement efforts of out security tools and systems (Concertation on SIEM, IDS, EDR Tools)
• Work with our customers (Security Operations, Incident Response, and Product teams) to incorporate high quality security alerting into their operational workflows
• Improve overall security practitioner efficiency through process automation
• Foster and promote collaboration among all members of the IT, Infrastructure, and Risk Management Departments.

Minimum Qualifications/Requirements

• BS or MS in Computer Science or related field
• Minimum 7+ years of cybersecurity experience
• Must have previous experience performing threat hunting and incident response duties using SIEM tools, cybersecurity management consoles, and ticketing systems
• Experience in deployment, development, and maintenance of SIEM
• Experience writing and using Ansible server administration scripts, and create simple Python, BASH, or Powershell scripts to automate cybersecurity functions
• Scripting experience to automate security operations, alerting, and compliance checks, CI/CD design, deployment, and management
• Experience with managing endpoint response and detection infrastructure and endpoints at the enterprise level, including performing upgrades to the back end application and deploying new agent versions to endpoints
• Understanding the investigative process and performing triage for cybersecurity incidents
• Experience maintaining industry leading security technologies or infrastructure systems in complex technical IT operations environment
• Must be detail-oriented and organized with ability to handle competing demands while meeting deadlines
• Experience in authentication protocols and frameworks to include OAuth, and AWS IAM
• Proactive and motivated; team player with a positive can-do attitude
• Strong analytical/problem-solving skills and cross-functional knowledge across multiple IT operational and security disciplines
• Ability to communicate technical concepts to a broad range of technical and non-technical staff
• Must possess a high degree of integrity, be trustworthy, and have the ability to lead and inspire change