Information Security Threat Consultant

CMFG Life Insurance Company
Madison, WI Full Time
POSTED ON 5/23/2022 CLOSED ON 10/28/2022

Job Posting for Information Security Threat Consultant at CMFG Life Insurance Company

245 Information Security Threat Consultant III

Hiring Manager Summary

As a Security Incident Response Analyst at CUNA Mutual, you will work with a diverse team of analysts conducting event detection, incident triage, incident handling, and remediation. The person selected for this role will be responsible for the day-to-day response to cyber security related incidents, which includes mitigating and defending against malicious cyber activity, distinguishing events from benign activities, supporting high impact incidents and generating clear and concise recommendations to these types of events. The Security Incident Response Analyst will provide in-depth analysis of security related datasets such as logs, event data, and alerts from diverse network devices and applications within CMFG's environment to identify and troubleshoot specific incidents. Additionally, the Security Incident Response Analyst will make sound technical recommendations that allow our IT teams to quickly remediate the identified issue.

Ideally we would like someone within the Wisconsin area in case of a major security incident, but we are open to fully remote work for the right candidates!

• Responds to computer security incidents according to the security incident response program and procedures
• Provides timely and relevant updates to appropriate stakeholders and decision makers
• Analyzes cyber security incidents to solve issues and improve incident handling procedures
• Performs root-cause analysis to document findings, and participates in root-cause elimination activities as required
• Triages and assesses the risk of incidents, performing real-time analysis and managing workload during incidents
• Creates runbooks for frequently occurring incidents to automate or at least assist with the resolution of those cases

Job Purpose: Functioning independently, incumbents in this role provide professional and technical support in the Information Security space.
This position participates in the triage and resolution of Information Security events and alerts, responds to threats, and develops procedures to maintain the confidentiality, integrity, availability and accountability for all aspects of safeguarding or protecting information or data, in whatever form, for CUNA Mutual Group and its subsidiaries. The primary objective of this role is to perform the analysis required to support the Incident Response function. The secondary function of this role is to participate in operational support when an event is escalated. The tertiary function of this role is to perform the tactical work necessary to support our managed security service providers and technical capabilities.

Job Responsibilities: Incumbents in this role perform the following responsibilities in an Independent/Advanced capacity to support complex Information Security work across CMFG.

• Incident Response: Under the guidance of Information Security management, act as a member of the incident response team. Help design security procedures to detect and respond to threats.
• Product Management: Monitor system/software performance and utilization and carry out improvements to achieve the agreed upon service levels. Define and document routine procedures, configuration parameters, batch processes and scheduled maintenance for systems and software. Perform testing, quality assurance and schedule changes for non-routine updates and upgrades to systems and software. Develop recovery plans to restore services. Guide and monitor staff in the completion of delegated tasks in the accomplishment of the above.
• Oversight of managed service providers: Maintain relationships with managed service providers. Serve as a point of contact and liaison. Help drive continuous improvement with our providers.
• Operational Support: In accordance with service level agreements act as a single point of contact to monitor, screen and respond to alerts and reports of incidents or problems. Enter and maintain records, follow up on and provide status reports of all events. Provide timely notification of critical events to Information Security management and staff. Direct subordinate staff to coordinate response if event is escalated.
• Technical Consulting: Present information in area of subject matter expertise as required to include but not limited to incident response, vulnerability management, and threat intelligence. Develop and manage technical security procedures in accordance with industry best practices.
• Research & Development: Make inquiries and investigate when needed for requests which require additional information. Research new and existing technologies that can be introduced or used to replace existing technologies.
• Project Participation: Provide Information Security guidance through all phases of a project when identified as a necessary resource to design/build/run, improve or maintain software, systems and processes.

The above statement of duties is not intended to be all inclusive and other duties will be assigned from time to time.

Job Requirements:

• BS in MIS or CS or equivalent trade-off in related education and related professional work experience
• 6 years’ experience in investigating incidents while being part of an incident response team
• Experience working on Information Security Incidents, investigation, containment and remediation
• Extensive understanding of network, infrastructure, and computer related incidents and the technical response activities entailed
• Comprehensive knowledge of the CISSP Common Body of Knowledge
• Professional certifications in one of the following programs: SANS Global Information Assurance Certification, ISC2, ISACA
• Demonstrated working knowledge of information security concepts in at least (12) of the following: digital forensics; cryptography; incident response; managed security services; web, URL, mobile code filtering; network security; patch, configuration management; penetration testing; spyware, anti-virus, anti-worm detection; vulnerability management; web, e-commerce security; wireless, mobile security; security information management; OS, platform security; application development security; database security; end-point security; business continuity, disaster recovery; e-mail security; storage security; access control software; strong authentication; PKI, digital signatures, certificate authorities; identity management, entitlement, authorization; password management, provisioning, single sign-on; audit & compliance; security policy; risk management; software development lifecycle, systems development lifecycle
• Experience designing and administrating log management solutions, Intrusion Detection Systems (IDS), Anti-virus products, Data Loss Prevention (DLP), File Integrity Monitoring (FIM), Active Directory, scripting, PowerShell, Operating Systems, or Networking equipment.
• Demonstrated Leadership skills and ability to influence a variety of audiences
• Ability to navigate ambiguity
• Demonstrated good judgment and reliability
• Demonstrated expertise in architecture design with the ability to teach others
• Proven ability to clearly and effectively communicate business and technical information, both verbally and in writing.
• Proven ability to provide a high level of customer service

Job Analysis:

1. What is the average amount of time on the job for a new incumbent, who meets all minimum requirements, to learn most aspects of this position? 12 months

2. Identify and describe this position’s most typical challenges or problems. In an independent capacity:
• Support Information Security services
• Providing guidance to team members as it relates to Information Security
• Participating in or leading Information Security incidents

3. Identify and describe this position's most complex duties and challenges or problems. In an independent capacity:
• Present information in area of subject matter expertise as required to include but not limited to incident response, vulnerability management, and threat intelligence
• Complete security reviews and approvals for IT solutions
• Develop and manage technical security procedures in accordance with industry best practices

4. Position does conduct training or give workflow guidance to other staff in own work area or customers on a regular basis:
• Training: 10% of time spent training on a weekly basis to a variety of jobs.
• Work flow guidance: 30% of time spent providing workflow guidance on a weekly basis to a variety of jobs

5. Job Impact/Nature of Work
• In an independent capacity act as a member of the incident response team.
• Help design security procedures to detect and respond to threats.
• Present information in area of subject matter expertise as required to include but not limited to incident response, vulnerability management, and threat intelligence
• Develop and manage technical security procedures in accordance with industry best practices.
• Gather customer requirements, negotiate service level agreements and develop availability plans.
• Monitor system/software performance and utilization and carry out improvements to achieve the agreed upon service levels.

6. Internal/External Contacts: Please elaborate on the position’s contacts inside and outside the company and the purpose/nature of the contacts necessary to perform job duties. In an Independent Capacity:
• Present information in area of subject matter expertise as required to include but not limited to incident response, vulnerability management, and threat intelligence.
• Gather customer requirements and develop availability plans.
• In accordance with service level agreements act as a single point of contact to monitor, screen and respond to alerts and reports of incidents or problems.

7. Are there any unusual physical conditions surrounding your work that can be considered disagreeable (such as heat, cold, wet, fumes, noise, etc.) and/or are you exposed to any accident and health hazards? If so, please give examples and occurrence frequency. Common conditions involved with this work include: daily extended exposure to personal computer keyboards and screens, stress due to deadlines, production problems, visibility of issues, multiple initiatives and priorities, after-hours calls which may require coming in to work in the middle of the night or over the weekend, etc.

Criteria for Advancement:

CRITERIA FOR ACCEPTABLE PERFORMANCE AT LEVEL I (grade 235)
Consistently meets expectations on all job functions outlined in the job description, as measured against the performance objectives and competencies in the employee performance appraisal.

CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL I TO LEVEL II (grade 240)
Meets all and exceeds on many of the expectations in the Level I job functions outlined in the job description, as measured against the performance objectives and competencies in the employee performance appraisal. Demonstrated proficiency in the minimum requirements of Level II.

CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL II TO LEVEL III (grade 245)
Meets all and exceeds on many of the expectations in the Level II job functions outlined in the job description, as measured against the performance objectives and competencies in the employee performance appraisal. Demonstrated proficiency in minimum requirements of Level III.

CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL III TO LEVEL IV (grade 250)
Meets all and exceeds on many of the expectations in the Level III job functions outlined in the job description, as measured against the performance objectives and competencies in the employee performance appraisal. Demonstrated proficiency in minimum requirements of Level IV.

Security Incident Response Analyst
Information Security Threat Consultant II-240
Job Code: 007127
Grade: 240

Job Purpose: This position participates in the triage and resolution of Information Security events and alerts, responds to threats, and develops procedures to maintain the confidentiality, integrity, availability and accountability for all aspects of safeguarding or protecting information or data, in whatever form, for CUNA Mutual Group and its subsidiaries. The primary objective of this role is to perform the analysis required to support the Incident Response function. The secondary function of this role is to participate in operational support when an event is escalated. The tertiary function of this role is to perform the tactical work necessary to support our managed security service providers and technical capabilities.

Job Responsibilities:

• Incident Response: Under the guidance of Information Security management, act as a member of the incident response team. Help design security procedures to detect and respond to threats.
• Product Management: Monitor system/software performance and utilization and carry out improvements to achieve the agreed upon service levels. Define and document routine procedures, configuration parameters, batch processes and scheduled maintenance for systems and software. Perform testing, quality assurance and schedule changes for non-routine updates and upgrades to systems and software. Develop recovery plans to restore services. Guide and monitor staff in the completion of delegated tasks in the accomplishment of the above.
• Oversight of managed service providers: Maintain relationships with managed service providers. Serve as a point of contact and liaison. Help drive continuous improvement with our providers.
• Operational Support: In accordance with service level agreements act as a single point of contact to monitor, screen and respond to alerts and reports of incidents or problems. Enter and maintain records, follow up on and provide status reports of all events. Provide timely notification of critical events to Information Security management and staff. Direct subordinate staff to coordinate response if event is escalated.
• Technical Consulting: Present information in area of subject matter expertise as required to include but not limited to incident response, vulnerability management, and threat intelligence. Develop and manage technical security procedures in accordance with industry best practices.
• Research & Development: Make inquiries and investigate when needed for requests which require additional information. Research new and existing technologies that can be introduced or used to replace existing technologies.
• Project Participation: Provide Information Security guidance through all phases of a project when identified as a necessary resource to design/build/run, improve or maintain software, systems and processes.

The above statement of duties is not intended to be all inclusive and other duties will be assigned from time to time.

Job Requirements:

• BS in MIS or CS or equivalent trade-off in related education and related professional work experience
• 4 years’ experience in investigating incidents while being part of an incident response team
• Experience working on Information Security Incidents, investigation, containment and remediation
• Understanding of network, infrastructure, and computer related incidents and the technical response activities entailed
• Comprehensive knowledge of the CISSP Common Body of Knowledge
• Must achieve a professional certification within one year of employment in one of the following programs: SANS Global Information Assurance Certification, ISC2, ISACA
• Demonstrated working knowledge of information security concepts in at least (12) of the following: digital forensics; cryptography; incident response; managed security services; web, URL, mobile code filtering; network security; patch, configuration management; penetration testing; spyware, anti-virus, anti-worm detection; vulnerability management; web, e-commerce security; wireless, mobile security; security information management; OS, platform security; application development security; database security; end-point security; business continuity, disaster recovery; e-mail security; storage security; access control software; strong authentication; PKI, digital signatures, certificate authorities; identity management, entitlement, authorization; password management, provisioning, single sign-on; audit & compliance; security policy; risk management; software development lifecycle, systems development lifecycle
• Experience designing and administrating log management solutions, Intrusion Detection Systems (IDS), Anti-virus products, Data Loss Prevention (DLP), File Integrity Monitoring (FIM), Active Directory, scripting, PowerShell, Operating Systems, or Networking equipment.
• Ability to navigate ambiguity
• Demonstrated good judgment and reliability
• Proven ability to provide a high level of customer service

Job Analysis:

1. What is the average amount of time on the job for a new incumbent, who meets all minimum requirements, to learn most aspects of this position? 12 months

2. Identify and describe this position’s most typical challenges or problems.
• Support Information Security services
• Providing guidance to team members as it relates to Information Security
• Participating in or leading Information Security incidents

3. Identify and describe this position's most complex duties and challenges or problems.
• Present information in area of subject matter expertise as required to include but not limited to incident response, vulnerability management, and threat intelligence
• Complete security reviews and approvals for IT solutions
• Develop and manage technical security procedures in accordance with industry best practices

4. Position does conduct training or give workflow guidance to other staff in own work area or customers on a regular basis:
• Training: 10% of time spent training on a weekly basis to a variety of jobs.
• Work flow guidance: 20% of time spent providing workflow guidance on a weekly basis to a variety of jobs

5. Job Impact/Nature of Work
• Act as a member of the incident response team.
• Help design security procedures to detect and respond to threats.
• Present information in area of subject matter expertise as required to include but not limited to incident response, vulnerability management, and threat intelligence
• Develop and manage technical security procedures in accordance with industry best practices.
• Gather customer requirements, negotiate service level agreements and develop availability plans.
• Monitor system/software performance and utilization and carry out improvements to achieve the agreed upon service levels.

6. Internal/External Contacts: Please elaborate on the position’s contacts inside and outside the company and the purpose/nature of the contacts necessary to perform job duties.
• Present information in area of subject matter expertise as required to include but not limited to incident response, vulnerability management, and threat intelligence.
• Gather customer requirements and develop availability plans.
• In accordance with service level agreements act as a single point of contact to monitor, screen and respond to alerts and reports of incidents or problems.

7. Are there any unusual physical conditions surrounding your work that can be considered disagreeable (such as heat, cold, wet, fumes, noise, etc.) and/or are you exposed to any accident and health hazards? If so, please give examples and occurrence frequency. Common conditions involved with this work include: daily extended exposure to personal computer keyboards and screens, stress due to deadlines, production problems, visibility of issues, multiple initiatives and priorities, after-hours calls which may require coming in to work in the middle of the night or over the weekend, etc.

Criteria for Advancement:

CRITERIA FOR ACCEPTABLE PERFORMANCE AT LEVEL I (grade 235)
Consistently meets expectations on all job functions outlined in the job description, as measured against the performance objectives and competencies in the employee performance appraisal.

CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL I TO LEVEL II (grade 240)
Meets all and exceeds on many of the expectations in the Level I job functions outlined in the job description, as measured against the performance objectives and competencies in the employee performance appraisal. Demonstrated proficiency in the minimum requirements of Level II.

CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL II TO LEVEL III (grade 245)
Meets all and exceeds on many of the expectations in the Level II job functions outlined in the job description, as measured against the performance objectives and competencies in the employee performance appraisal. Demonstrated proficiency in minimum requirements of Level III.

CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL III TO LEVEL IV (grade 250)
Meets all and exceeds on many of the expectations in the Level III job functions outlined in the job description, as measured against the performance objectives and competencies in the employee performance appraisal. Demonstrated proficiency in minimum requirements of Level IV.

Security Incident Response Analyst
Information Security Threat Consultant I-235

Job Purpose: Under guidance from more senior Consultants, this position participates in the triage and resolution of Information Security events and alerts, responds to threats, and develops procedures to maintain the confidentiality, integrity, availability and accountability for all aspects of safeguarding or protecting information or data, in whatever form, for CUNA Mutual Group and its subsidiaries. The primary objective of this role is to perform the analysis required to support the Incident Response function. The secondary function of this role is to participate in operational support when an event is escalated. The tertiary function of this role is to perform the tactical work necessary to support our managed security service providers and technical capabilities.

Job Responsibilities:

• Incident Response: Under the guidance of Information Security management, act as a member of the incident response team.
• Product Management: Monitor system/software performance and utilization and carry out improvements to achieve the agreed upon service levels. Define and document routine procedures, configuration parameters, batch processes and scheduled maintenance for systems and software. Perform testing, quality assurance and schedule changes for non-routine updates and upgrades to systems and software. Develop recovery plans to restore services.
• Oversight of managed service providers: Maintain relationships with managed service providers. Serve as a point of contact and liaison. Help drive continuous improvement with our providers.
• Operational Support: In accordance with service level agreements act as a single point of contact to monitor, screen and respond to alerts and reports of incidents or problems. Enter and maintain records, follow up on and provide status reports of all events. Provide timely notification of critical events to Information Security management and staff.
• Technical Consulting: Present information in area of subject matter expertise as required to include but not limited to incident response, vulnerability management, and threat intelligence. Develop and manage technical security procedures in accordance with industry best practices.
• Research & Development: Make inquiries and investigate when needed for requests which require additional information. Research new and existing technologies that can be introduced or used to replace existing technologies.
• Project Participation: Provide Information Security guidance through all phases of a project when identified as a necessary resource to design/build/run, improve or maintain software, systems and processes.

The above statement of duties is not intended to be all inclusive and other duties will be assigned from time to time.

Job Requirements:

• BS in MIS or CS or equivalent trade-off in related education and related professional work experience
• 2 years’ experience in investigating incidents while being part of an incident response team
• Experience working on Information Security Incidents, investigation, containment and remediation
• Understanding of network, infrastructure, and computer related incidents and the technical response activities entailed
• Comprehensive knowledge of the CISSP Common Body of Knowledge
• Demonstrated working knowledge of information security concepts in at least (12) of the following: digital forensics; cryptography; incident response; managed security services; web, URL, mobile code filtering; network security; patch, configuration management; penetration testing; spyware, anti-virus, anti-worm detection; vulnerability management; web, e-commerce security; wireless, mobile security; security information management; OS, platform security; application development security; database security; end-point security; business continuity, disaster recovery; e-mail security; storage security; access control software; strong authentication; PKI, digital signatures, certificate authorities; identity management, entitlement, authorization; password management, provisioning, single sign-on; audit & compliance; security policy; risk management; software development lifecycle, systems development lifecycle
• Experience designing and administrating log management solutions, Intrusion Detection Systems (IDS), Anti-virus products, Data Loss Prevention (DLP), File Integrity Monitoring (FIM), Active Directory, scripting, PowerShell, Operating Systems, or Networking equipment.
• Ability to navigate ambiguity
• Demonstrated good judgment and reliability
• Proven ability to provide a high level of customer service

Job Analysis:

1. What is the average amount of time on the job for a new incumbent, who meets all minimum requirements, to learn most aspects of this position? 12 months

2. Identify and describe this position’s most typical challenges or problems.
• Support Information Security services
• Participating in Information Security incidents

3. Identify and describe this position's most complex duties and challenges or problems.
• Present information in area of subject matter expertise as required to include but not limited to incident response, vulnerability management, and threat intelligence
• Complete security reviews and approvals for IT solutions
• Develop and manage technical security procedures in accordance with industry best practices

4. Position does conduct training or give workflow guidance to other staff in own work area or customers on a regular basis:
• Training: 5% of time spent training on a weekly basis to a variety of jobs.
• Work flow guidance: 10% of time spent providing workflow guidance on a weekly basis to a variety of jobs

5. Job Impact/Nature of Work
• Act as a member of the incident response team.
• Help design security procedures to detect and respond to threats.
• Present information in area of subject matter expertise as required to include but not limited to incident response, vulnerability management, and threat intelligence
• Develop and manage technical security procedures in accordance with industry best practices.
• Gather customer requirements, negotiate service level agreements and develop availability plans.
• Monitor system/software performance and utilization and carry out improvements to achieve the agreed upon service levels.

6. Internal/External Contacts: Please elaborate on the position’s contacts inside and outside the company and the purpose/nature of the contacts necessary to perform job duties.
• Present information in area of subject matter expertise as required to include but not limited to incident response, vulnerability management, and threat intelligence.
• Gather customer requirements and develop availability plans.
• In accordance with service level agreements act as a single point of contact to monitor, screen and respond to alerts and reports of incidents or problems.

7. Are there any unusual physical conditions surrounding your work that can be considered disagreeable (such as heat, cold, wet, fumes, noise, etc.) and/or are you exposed to any accident and health hazards? If so, please give examples and occurrence frequency. Common conditions involved with this work include: daily extended exposure to personal computer keyboards and screens, stress due to deadlines, production problems, visibility of issues, multiple initiatives and priorities, after-hours calls which may require coming in to work in the middle of the night or over the weekend, etc.

Criteria for Advancement:

CRITERIA FOR ACCEPTABLE PERFORMANCE AT LEVEL I (grade 235)
Consistently meets expectations on all job functions outlined in the job description, as measured against the performance objectives and competencies in the employee performance appraisal.

CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL I TO LEVEL II (grade 240)
Meets all and exceeds on many of the expectations in the Level I job functions outlined in the job description, as measured against the performance objectives and competencies in the employee performance appraisal. Demonstrated proficiency in the minimum requirements of Level II.

CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL II TO LEVEL III (grade 245)
Meets all and exceeds on many of the expectations in the Level II job functions outlined in the job description, as measured against the performance objectives and competencies in the employee performance appraisal. Demonstrated proficiency in minimum requirements of Level III.

CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL III TO LEVEL IV (grade 250)
Meets all and exceeds on many of the expectations in the Level III job functions outlined in the job description, as measured against the performance objectives and competencies in the employee performance appraisal. Demonstrated proficiency in minimum requirements of Level IV.

Compensation may vary based on the job level, your geographic work location, position incentive plan and exemption status.

Base Salary Range: $74,328.00 - $133,868.00

CUNA Mutual Group’s insurance, retirement and investment products provide financial security and protection to credit unions and their members worldwide. As a dynamic and growing company, we strive to create a culture of performance, high standards and defined values. In return for your skills and contributions, we offer highly competitive compensation and benefit packages, significant professional growth, and the opportunity to win and be rewarded.

Please provide your Work Experience and Education or attach a copy of your resume. Applications received without this information may be removed from consideration.