You will manage security incident handling, device health monitoring, and network vulnerability assessments in Cary, NC.
Responsibilities
Investigate security incidents to distinguish real threats from false positives and execute remediation steps.
Monitor network connectivity and device health, collaborating with vendors and support teams for hardware replacement or reconfiguration.
Analyze security events from firewalls, IDS/IPS, and security logs to perform near real-time IP blocking at the perimeter.
Interpret PCAP data and firewall logs to assess network changes for potential vulnerabilities and address incidents involving PII, information spills, stolen assets, insider threats, and malware.
Manage ticket queues to ensure SLA attainment and prepare detailed shift turnover reports.
Required Skills
5+ years of experience in network security or incident response.
Hands-on experience with Sourcefire, Checkpoint, Tripwire, and Bluecoat Proxy.
Proficiency in Splunk and ArcSight for security event correlation.
Capability in payload and packet analysis (PCAP).
Experience responding to security threats via IDS/IPS and firewall logs.
Knowledge of ITIL frameworks or working within an ISO operating environment.
Ability to support customer audits and remediation plans including STIG, POAM, ATO, and CTO.
Active technical certifications in the security field.