Latin America, Costa Rica, Sao Jose
Info Systems & Technology
Descripción del puesto
This role is responsible for daily and real-time monitoring of cyber security tooling and environments and the provision of Level I and II cyber security incident management to include: Detection and Analysis, Containment, Eradication, Recovery, Reporting, and Remediation. (Triage, Incident Handling and Threat Hunting) In addition to monitoring and incident management, the position is responsible for providing cyber security subject matter expertise, service management, and hands on administration of advanced cyber security tooling as assigned. Specific service management and administration assignments will vary by individual and may include services such as System Information & Event and Management (SIEM), Vulnerability and Patch Management, Data Leakage Protection, User Rights Management, Conditional Access or CASB, Application Whitelisting, Firewall management, and Anti-Malware. The position also supports road mapping, projects and risk assessments, policy management, reporting, and cross-training. The role will require working within the Security Operations Centre (SOC) and requires flexibility across all times zones as it involves engagement with colleagues from all locations of the global business. • The Security Operations Centre (SOC) is the component of BIS Enterprise Cyber Security responsible for monitoring, assessing, and defending the Smiths environment • Monitors cyber information, events, and alerts in the environment • Provides incident and problem management related to cyber security • Provides service management, configuration, and optimization of the various tools, services, and vendors utilized to monitor, track, and protect the environment • Provides project management and the implementation of new security tooling and configuration in line with Enterprise Cyber Security principles and policies.
Funciones y responsabilidades
• Monitor cyber information, events, alerts, and ticketing queues to identify security events and threats across multiple technologies to ensure security incidents are identified timely • Proactively research and maintain a proficiency in current and emerging threats, vulnerabilities and security technology developments • Evaluate and utilise intelligence for new threats and vulnerabilities to ensure protective monitoring is capable of detecting potential new attacks • Provide assurance of security posture through monitoring security system status • Respond to tickets and incidents as assigned • Support the incident and problem response process through to closure; • Act as Level II SME escalation; work with internal and external individuals in preparation and when necessary remediation/suppression • Support, maintain, and tune security tooling and systems as assigned • Support and maintain operational procedures and documentation • Ensure timely accurate communications of alerts to stakeholders responding to escalations, or will escalate if required as per the agreed processes • Work collaboratively with BIS teams to position information security as a key enabler within each service area • Make recommendations of counter-measures, mitigating controls, best practice configuration and processes to improve operational effectiveness and efficiency within security operations Proactively support the secure delivery of BIS strategies and delivery objectives
Technical Knowledge, Skills and Abilities: • Minimum four-year degree specific to information/cyber security or equivalent experience • Minimum two+ years hands-on firewall administration – preferably in a SOC environment • Professional information security certifications such as CompTIA Security+, CISSP, CISM, CCNA Security, CCNP Security, CEH, GIAC, or CISA required • Excellent communication skills with the ability to engage with a variety of different people • Strong analytical skills and problem-solving capabilities with attention to detail • Ability to work well with others, with an emphasis on virtual teams across multiple time zones • Recognise an respond to potential, successful, and unsuccessful cyber-attacks and compromises thorough reviews and analyses of relevant event detail Subject matter expertise in multiple security technologies and across the cyber security body of knowledge Planning and Decision Making: • Suggests decisions guided by internal policies in non-standard situations • Assists technical projects or programmes with moderate resource requirements, risk and/or complexity Verify customer needs; assesses requirements Impact and Scope: • Explains concepts to internal colleagues to adopt a different point of view • Assists with successful implementation of processes and policies aimed at continuous • Impacts the achievement of customer, operational, or project objectives Acts to ensure return on investment is achieved