3 months ago
* Implement security policy and best practice with tools such as, but not exclusive to Centralized Logging/SIEM, Firewalls, IDS/IPS, DLP, Anti-Malware, Email security controls and Web Content Filtering to detect threats and incidents as they occur. Work closely with IT technical peers directly to ensure their deployment and configurations meet requirements.
* Create custom rules and tune existing rules, policies, alerts, etc. within all available platform, network, and security applications based on corporate rules, policies, and situational conditions to meet the objectives of the security department.
* Conduct regular review of logs and reports to identify potential malicious activity.
* Maintain awareness of emerging threats and grow Sun Country’s connection to the global cyber community and industry peers to share threat analysis and techniques
* Conduct ongoing threat hunting exercises
* Work in conjunction with the Cyber Solutions Specialist during scanning and penetration testing to mature Sun Country’s capability to detect new threats as they occur.
* Triage and investigate security incidents
* Provide input to the department strategy on data protection, detection, network security, forensics, logging and monitoring, and other related function areas.
* Participate in new project/initiative reviews to ensure security risks with vendors or solutions is minimized.
* Analyze, evaluate, and communicate Threat Intelligence notifications to reduce risk exposures and to prepare for potential security breach attempts.
* Update Information Technology peers and various levels of management on the current state of incident, threat, and risk factors.
* Assist in creating and enhancing incident response standards and procedures
* Interface with business users of Information Technology while employing a high degree of tact and diplomacy to promote a positive image of the department.
* Manage multiple high priority initiatives in a fast paced highly technical environment.
* Work with Network and Infrastructure teams to automate security functions where possible
* Remains on-call during off-peak hours to respond to support service issues.
* Is a life learner, the continued pursuit of knowledge in the profession is key to the success of the team and role
* Maintain working knowledge of Sun Country’s overall Information Technology and Security Policies.
Required Education and Experience:
* Bachelor’s degree in IT, Computer Science, or equivalent work experience.
* CISSP or equivalent and relevant certification
* Coding/Scripting experience (e.g. Python, Perl, PowerShell)
* Strong skills in creating Regular Expressions
* 5+ years of experience in security incident detection and response utilizing tools such as SIEM, logging tools such as Splunk, and analysis of custom threat dashboard, reports and alerts
* Proven experience with endpoint protection, IPS technologies, threat intelligence feeds, and malware detection.
* Effective at providing timely, concise, audience-appropriate information orally and in writing
* Able to maximize time to produce timely, high-quality results
Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is regularly required to use hands to finger, handle, or feel and talk or hear. The employee frequently is required to stand, walk, sit, and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and ability to adjust focus.
Work Authorization/Security Clearance: Must have authorization to work in the United States