Lead IT Security Engineer

Date: Aug 13, 2019

Location: Oklahoma City, OK, US

Company: Enable Midstream

Position Summary

The Lead Security position ensures the security and integrity of critical systems and environments using various analytical methods and security toolsets. The position uses and improves existing detection, response and protection methods and expands capabilities through configuration, improvements and cross-training. The position leads investigations through data analysis and information gathering, establishes proactive measures for intelligence gathering related to malicious activity, maintains threat intelligence relevant to our industry, and produces reports and presentations that illustrate metrics, trends, activities, threats and risk gaps to the company. It applies successful detection techniques to automate remediation where applicable.

The position provides architecture, configuration and administration of security toolsets and infrastructure, as well as investigation of information security events. The position provides input and support for the development and maintenance of policies and procedures. The position also researches, evaluates and recommends security solutions to meet business and cybersecurity needs.

This position requires advanced knowledge within a functional area and is often considered an expert in its own area of responsibility. Work is performed without appreciable direction, and completed work is reviewed from a relatively long-term perspective for desired results. The position develops technical solutions to highly complex or interrelated problems and requires the ability to interpret and adapt theory and concepts into workable solutions. It leads, mentors and provides oversight for less experienced professionals.

 

Essential Duties & Responsibilities

  • Establish advanced cyber analytics through the use of software and security tools. Analyze the ecosystem to proactively identify threats or potential threats.
  • Investigate and remediate cyber threats, working with internal and external parties when required
  • Coordinate threat intelligence gathering and convert data into actionable detection and prevention methods.
  • Develop and implement detection use cases.
  • Perform internal and external penetration tests.
  • Lead security incident investigations.
  • Perform incident response, issue resolution, and assessment or communication of risk to the team and provide support by monitoring real-time alerts.
  • Lead others in area of specialization and ensure standards are followed and quality is achieved.
  • Develop and deliver complex security reports to management. 
  • Provide security configurations and solutions to identify and remediate threats.
  • Serve as a Cyber threat hunter and review security events to identify and prioritize potential threats and trends.
  • Create correlations and other logic to identify attackers and defend against advanced attacks. 
  • Develop and maintain incident response procedures; train stakeholders on appropriate action plans.
  • Determine and develop security architecture approaches and solutions, conduct business reviews and develop detailed specifications.
  • Act as the primary point of escalation and investigation for security events.
  • Collaborate with operational teams to identify, resolve and mitigate risk and vulnerabilities.
  • Monitor daily threat intelligence research and interact with external security organizations.

Minimum Education & Experience


  • Bachelor’s degree in a related discipline (e.g. Computer Information Systems, Information System Technologies, Management Information Systems).  In lieu of a degree, six (6) years’ experience will be considered.
  • Eight (8) years directly related experience in cybersecurity or incident handling/monitoring

Preferred Qualifications

  • GIAC Certified Incident Handler (GCIH), GIAC Systems and Network Auditor (GSNA)
  • CISSP, Certified Ethical Hacker (CEH), Certified Security Computer Incident Handler (CSIH)
  • Experience with Microsoft E5 Security Suite (O365/Azure), LogRhythm SIEM, Palo Alto and ASA IPS

Knowledge, Skills, and Abilities

  • Advanced knowledge of incident response process and kill chain utilizing log analysis tools or similar tools.
  • Advanced Knowledge of current and past malware methods, attack methodologies, and TTPs (Tactics, Techniques, Procedures). 
  • Knowledge of NetFlow or PCAP analysis.
  • Knowledge of a common scripting or programming language, including Perl, Python, Bash or PowerShell.
  • Strong analytical skills and experience; ability to recognize, analyze and solve complex problems
  • Advanced knowledge of  Windows, Linux, and Unix operating systems at the command line level.
  • Advanced knowledge of typical behaviors of malware and threat actors and how common protocols and applications function at a network level, including DNS, HTTP, and SMB.
  • Ability to create the underlying logic that generates security alerts using tools or code.
  • Advanced knowledge of digital forensics and e-discovery.
  • Ability to write custom IDS signatures.
  • Advanced knowledge of Active Directory and authentication including PKI.
  • Advanced knowledge in SIEM, Firewalls, IPS, DLP, and endpoint protection solutions.
  • Advanced knowledge of TCP/IP protocol and network/packet analysis.
  • Advanced knowledge of cloud computing technology.
  • Advanced knowledge of current security threats, techniques, and landscape, as well as a dedicated and self-driven desire to research current information security landscape
  • Ability to effectively handle pressures and demands of deadlines and competing priorities
  • Ability to handle confidential information and material with the highest degree of professional responsibility
  • In-depth conceptual and practical understanding of IT infrastructure designs, technologies, products, and services. This should include knowledge of networking protocols, firewall functionality, host and network intrusion detection systems, operating systems, databases and other technologies.
  • Ability to learn and utilize a working knowledge of broad business environment, energy industry, and corporate operations.  
  • Ability to interact in a team environment.
  • Proficient use of Microsoft Office Suite

Physical Requirements

  • Able to exert up to 10 pounds of force occasionally to lift, carry, push, pull, or otherwise move objects.
  • Able to operate a personal computer, either desktop or laptop.
  • Able to sit and view computer terminal for extended periods of time.
  • Able to travel as required to perform job responsibilities.

Working Conditions

  • Able to work in a fast-paced office environment with high daily pressure. 
  • Ability to work on multiple projects at the same time. 
  • Ability to work indoors, in an office environment, regardless of whether cubicle, open office or private office.
  • Subject to normal office noise levels.
  • Able to work irregular or extended hours (nights and/or weekends) occasionally, as needed or required to meet established deadlines.