The Cybersecurity Operator plays a key role in Security Incident Management, overseeing the initial triage of incidents, requests, and alerts. This position supports the ongoing maintenance and effective use of various security platforms and solutions to mitigate risk to Allison Transmission's information technology assets. Additional responsibilities include conducting scheduled threat and vulnerability scans of systems and environments, participating in penetration and web application security assessments, and managing security operations center functions involving logging, monitoring, and incident escalation.
Responsibilities:
- Lead and coordinate as a first responder for cyber-security incidents, monitor alerts, events and incidents identified through security event management tools and confirm validity of identified incidents
- Fully document and communicate findings to an array of audiences which includes both technical and executive teams
- Ensures that incidents are managed robustly & effectively, and that any customer/business impact is identified and minimized
- Manage issues resulting from investigation, work collaboratively with technical and business leads to follow up accordingly to security incident management procedures and processes, and assist in development and resolution of daily reports
- Conduct and guide a variety of test efforts e.g. penetration tests, internal and external audits and certifications, and coordinate remediation work as necessary
- Architect security scans of applications, devices, and systems.
- Enforce and enhance the enforcement of security policies and procedures by monitoring system activity.
- Reviews security violation reports and investigates possible security exceptions.
- Update and maintain documented security controls.
- Lead root cause analysis of security events, drive the implementation of corrective and preventive measures.
- Collaborate with cross functional steakholders in the Information Security Governance Process.
- Analyze logs to identify security vulnerabilities or malicious activity.
Qualifications:
- Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline.
Preferred certifications:
- SANS GIAC Certified Detection Analyst (GCDA)
- SANS GIAC Cyber Threat Intelligence (GCTI)
- SANS GIAC Certified Incident Handler (GCIH)
- OffSec Defense Analyst (OSDA)
- OffSec Certified Professional (OSCP)
- CompTIA Security+
- CySA+
- CompTIA Pentest+
- (ISC)2 Systems Security Certified Practitioner
Education and Experience:
Required:
- 3+ years of experience in a technical role in the areas of Security Operation, Vulnerability Management, Incident Response, Detection Engineering, Offensive Security/Red Team, or Cyber Threat Intelligence.
- Experience in vulnerability scanning, and Cybersecurity Software/application tool support.