Cybersecurity Strategist

2 months ago


Guadalajara, Jalisco, México · Avertium · Full-time

Avertium seeks a skilled Cybersecurity Strategist to join our team. As a key member of our Security Operations Center, you will be responsible for conducting multi-step breach and investigative analysis to trace dynamic activities associated with advanced threats. This role requires strong written, verbal, and non-verbal communication skills, particularly in conveying complex information in an understandable manner. The ideal candidate will have a minimum of 5 years of experience working with Microsoft Active Directory and knowledge of NIST, FISMA, and DIACAP. Additionally, they should have experience managing an organization's PCI, HIPAA, or SSAE16 certification. The successful candidate will be able to analyze and resolve complex technical and business problems, making decisions based on multiple variables. They will also be able to interact with all levels of management and multitask simultaneously.

Key Responsibilities:

  • Conduct multi-step breach and investigative analysis to trace dynamic activities associated with advanced threats.
  • Perform investigation and escalation for complex or high-severity security threats or incidents.
  • Work with SIEM Engineering to develop and refine correlation rules.
  • Work on complex tasks assigned by leadership, which may involve coordination of effort among Level 1/2/3 analysts.
  • Coordinate evidence/data gathering and documentation and review Security Incident reports.
  • Assist in defining and driving strategic initiatives.
  • Define tool requirements to improve SOC capabilities.
  • Experience analyzing packet captures to identify malicious activity.
  • Fluency in common network protocols including TCP/IP, DNS, TLS, HTTP.
  • Experience with SIEM technology such as AlienVault USM Appliance, USM Anywhere, LogRhythm, and/or Wazuh IDS highly preferred.
  • Malware reverse engineering experience a big plus, including tools used.
  • Monitor, respond to, and analyze SIEM alerts from monitoring tools.
  • Provide technical guidance/recommendations to clients to enhance their overall security posture within the managed products. Handle daily incidents: monitor, track, analyze, and record them.
  • Work with vendors, outside consultants, and other third parties to improve information security within the organization.
  • Respond to security-related tickets escalated from clients, and work collaboratively with the client to assist in resolving security events.
  • Work with other IT professionals to resolve fast-moving vulnerabilities, such as spam, virus, spyware, and malware.
  • Monitor security vulnerability information from vendors and third parties.
  • Create Weekly and Monthly Status Reports, including daily technical task reports and contract deliverables.
  • Proactive Threat Hunting using industry tools and existing IDS systems.
  • Advanced Forensics skills to evaluate current malware and phishing threats.

Qualifications:

  • Strong written, verbal, and non-verbal communication skills, especially conveying complex information in an understandable manner.
  • CISSP, CISA, or GIAC certification is a plus.
  • A minimum of 5 years of experience working with Microsoft Active Directory.
  • Experience in managing an organization's PCI, HIPAA, or SSAE16 certification is preferred.
  • Analyze and resolve complex technical and business problems.

Job/Experience Requirements:

  • Knowledge of NIST, FISMA, and DIACAP.
  • Knowledge of Windows 2003-12 server platforms.
  • Knowledge of VMware and VM server platforms.
  • Knowledge of UNIX server platforms.
  • Working knowledge of analyzing IIS, SQL, firewall, IPS/IDS, Windows, web, and mail logged events.
  • Ability to analyze IANA assigned ports (well-known, registered, dynamic, and private ports).
  • Ability to troubleshoot common network devices, network vulnerabilities, and network attack patterns.
  • Ability to troubleshoot Windows Event IDs.
  • Interact with all levels of management.
  • Make decisions based on many variables.
  • Manage multiple tasks/projects simultaneously.

Education and Certification Requirements:

  • Minimum of a Bachelor's degree in computer science, telecommunications management, electrical engineering, or a related field, or 4 years of experience.
  • Advanced network and systems certifications such as CCNP, CCNA, and CISSP are preferred.
  • Other industry certifications such as ITIL, Microsoft, Juniper, and Checkpoint are a plus.

