Sports Cyber Security Business Leader



NBCUniversal  – Minneapolis, MN

The Sports Cyber Security Business Leader will be a lead contributor to the NBC Universal Cyber Security organization, responsible for executing and contributing to the cyber security strategy and maintaining operational engagement with key Sports leaders.

The Cyber Security Business Leader will assess business cyber security practices and provide recommendations on the implementation of security controls, technologies and supporting workflows consistent with the NBC Universal cyber security strategy. Additionally, the role executes the Sports cyber security program with accountability for delivery and measurement consistent with organizational objectives and standards. This position requires an experienced security professional, ideally with experience in the media and entertainment industry in customer-facing roles.

A successful candidate is expected to understand and articulate business operational processes and risks while leveraging existing internal and external business and technology resources to provide program and project related insight. Clear and concise oral and written communication are required.

Responsibilities:

Advise and lead the execution of a comprehensive cyber security risk-based program for NBC Universal’s Sports business.
Provide insight and seek support from the enterprise NBC Universal Cyber Security function to inform and align with the Sports strategy
Support cyber security organization leadership in the identification and communication of relevant cyber security-related issues, risks and events, including leading operational engagement and supporting metrics for measuring cyber security maturity
Keep abreast of cyber security trends, with an ability to articulate security-related themes and principles in business terms
Drive the delivery of cyber security plans, implementations and leading practice controls, with an understanding of Active Defense security principles and strategies
Lead business engaged risk exercises to identify and measure risk posture and provide recommendations on mitigation strategies
Actively engage and support security incident response team in resolution and close of investigations of incidents with ownership of post mortem and remediation plans
Support the development of business-relevant metrics and key performance indicators to measure cyber security program maturity
Qualifications/Requirements

Minimum 3 years combined work experience in IT infrastructure, networking and security
Minimum 2 years working in a multi-national business operation
Minimum 3 years working with security technologies including security architecture, IDS/IPS, digital certificates, encryption, and authentication, advanced anti-malware systems, and security log collection, optimization, and deep analytic analyses.
Minimum 2 years in customer facing technical engagement roles, including service and solution delivery.
Ability to travel up to 20% of time, as needed, including overnight stays

Eligibility Requirements:
Interested candidate must submit a resume/CV through NBC UNIVERSAL CAREERS to be considered
Must be willing to work in Stamford, CT, Orlando, FL, Miami, FL, or Englewood Cliffs, NJ
Desired Characteristics

Media Entertainment industry experience
Degree in Computer Science or equivalent field of study
Training in Cyber Security specific disciplines
Ability to communicate effectively to business and technical teams
Demonstrated ability to prioritize and handle multiple initiatives
Demonstrated negotiation and problem resolution skills
Experience in large global environments spanning multiple time-zones
Demonstrated interpersonal, analytical, organizational, written and verbal communication skills
Demonstrated ability to communicate to all levels of an organization
Demonstrated knowledge of recognized Cyber Security related standards and technologies
Demonstrated knowledge of International Cyber Security and Privacy regulations, laws, and policies
Sub-Business

Technology

Career Level

Experienced

City

Minneapolis

State/Province

Minnesota

Country

United States

About Us

At NBCUniversal, we believe in the talent of our people. It’s our passion and commitment to excellence that drives NBCU’s vast portfolio of brands to succeed. From broadcast and cable networks, news and sports platforms, to film, world-renowned theme parks and a diverse suite of digital properties, we take pride in all that we do and all that we represent. It’s what makes us uniquely NBCU. Here you can create the extraordinary. Join us.

Notices

NBCUniversal’s policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. NBCUniversal will consider for employment qualified applicants with criminal histories in a manner consistent with relevant legal requirements, including the City of Los Angeles Fair Chance Initiative For Hiring Ordinance, where applicable.



. . . . . . . .

Analyst I – Cyber Security



Las Vegas Sands Corp – Las Vegas, NV

Position Overview 

The SOC cyber security analyst, Level 1 is a member of the cyber security operations team and works closely with the other members of the cyber security team in support of a comprehensive cyber security program. This role is an entry-level analyst that is responsible for monitoring various cyber security appliances to identify events that require escalated analysis. The SOC cyber security analyst, Level 1 reports to the Director of the US Security Operations Center.

All duties are to be performed in accordance with departmental and Las Vegas Sands Corp’s policies, practices, and procedures. 

Essential Duties & Responsibilities 

Key Responsibilities 

Define, gather and report on metrics regarding all security systems within the property environment. 
Manage the SOC mailbox, monitor and analyze the emails for threats including phishing and malware, and escalate per procedure.
Monitor, evaluate, and assist with the maintenance of assigned security systems in accordance with industry best practices to safeguard internal information systems and databases. 
Participate in the Investigation of security violations and breaches – may prepare reports on intrusions as needed. 
Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used to support cyber security operations. 
Provide reoccurring reports for network and host-based security solutions. 

Key Processes 
Work closely with all Global SOC team members. 
Monitor and inspect alerts to determine those that require analysis. 
Escalate alerts that require analysis to Level 2 SOC analysts. 

Consistent and regular attendance is an essential function of this job 

Performs other related duties as assigned 

Additional Duties & Responsibilities 

Minimum Qualifications 

21+ years of age 
Proof of authorization/eligibility to work in the United States 
Associate’s degree in Information Systems or equivalent in relevant discipline preferred. 
Minimum of three years hands on experience configuring and working with Information Technology Systems is preferred. 
Excellent problem solving skills, ability to triage and resolve critical technical issues. 
Current, relevant industry certifications preferred.
Must be able to work collaboratively with the global team. 
Experience configuring and installing information security applications. 
Hands-on experience with security applications is preferred. 
Fundamental understanding of encryption technologies. 
Understanding of common network traffic, i.e., Transmission Control Protocol/Internet Protocol (TCP/IP), Internet traffic, and mail. 
Working knowledge of one of the following platforms is preferred: IBM iSeries, Linux, and MS Windows. 
Ability to assess network activity and system configuration for anomalous activity to determine system security status. 
Knowledge and understanding of network protocols, network devices, multiple operating systems. 
Technical knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, anti-malware solutions, automated policy compliance tools, and desktop security tools is preferred. 
Fundamental knowledge of network traffic alerts to assess, prioritize and differentiate between potential intrusion attempts and false alarms. 
Knowledge and understanding of current cyber threats. 
Ability to communicate effectively in a positive/upbeat fashion utilizing English, both in oral and written form. 
Have interpersonal skills with focused attention to guest needs to deal effectively with all business contacts. 
Maintain a professional, neat and well-groomed appearance adhering to Company appearance standards. 
Maintain consistent adherence to the Las Vegas Sands Corp Unmatched Guest Service Standards. 
Work varied shifts, including weekends and holidays. 
Provide off-hours support on an infrequent, but as needed basis. (Potential shifts may run 24/7 due to the need of the business.) 

Work Environment 

Work in a fast-paced, results-oriented and ever-changing environment 
Able to maintain composure under pressure and consistently meet deadlines with internal and external customers and contacts 
Maintain physical stamina and proper mental attitude while dealing effectively with guests, management, team members, and outside contacts



. . . . . . . .

IT Manager



Benchmark Hospitality – Sunny Isles Beach, FL

Benchmark’s company culture is central to our management philosophy. The company’s stated purpose is “to provide an entrepreneurial environment where determined people dare to create, share, and build futures.”

To be the “benchmark” by which all others are judged takes passion, courage, and dedication. We invite you to explore our extraordinary offering of unique opportunities, all with a common goal of providing an unforgettable journey.

Job Description Summary:

This position will be responsible for supporting and troubleshooting all computer systems, basic network administration, basic telephone troubleshooting, printer/copier maintenance, monitoring back-ups, IT projects with the Home Office IT, adhering to the latest PCI DSS compliance requirements, and ongoing research and evaluation of new IT technologies and solutions.

Job Description:

The IT Manager is responsible for all computers, interfaces, networks and telecommunications systems located at the Resort. The IT Manager also manages all software and applications for the computer users of the Resort. This includes maintaining the proper operation of existing software applications, analyzing the current and future needs of users and systems and determining which products will increase productivity, reliability and/or security. The IT Manager is responsible for ensuring property security, anti-virus and back-up methods are in place and active, maintaining a departmental budget, purchasing of all hardware and software and end-user training. Such duties and responsibilities are directly related to the successful business operations of both the Resort and the servicing of our clients.



. . . . . . . .

Analyst, IT Security Monitoring



American Airlines – Phoenix, AZ

Location: Regents Centre North (PHX-52N1) 
Additional Locations: None 

Job Description 

The Tier 2 Analyst is responsible for the successful completion of all procedures executed during his/her presence in the CSARC (Cyber Security Analysis & Response Center). The Tier 2 Analyst owns the documentation and measurement of all subordinate procedures as well as continuous improvements. These senior analysts will gather information for cyber security events, collate it into an accessible format and ensure its proper dissemination. Tier 2 analysts will be responsible for the Subtle Event Process long-term analysis and deep dive investigation into network activity.

Duties and Responsibilities 
Monitor Tier 1 Analyst performance investigating incoming events using available CSARC tools.
Serve as point of escalation for Tier 1 Analysts and ensure Tier 1 event(s) are addressed in a timely manner using available reporting and metrics. 
Approve and, if necessary, further investigate Tier 1-escalated events. 
Mentor and identify training needs for level 1 analysts to improve detection capability within the CSARC. 
Manage CSARC event and information intake to include gathering intelligence reports, monitoring ticket queues, investigating reported incidents, and interacting with other security and network groups as necessary. 
Serve as detection authority for initial incident declaration. 
Serve as shift subject matter experts on incident detection and analysis techniques providing guidance to junior analysts and making recommendations to organizational managers. 
Drive and monitor shift-related metrics ensuring applicable reporting is gathered and disseminated per CSARC requirements. 
Collaborate with other CSARC teams on security research and intelligence gathering. 

Job Qualifications 

Minimum Qualifications 
5 years of Information Technology related experience. 
1-2 years SOC related experience. 
Experience managing cases-incidents and enterprise SIEM systems. 
A solid understanding of networking, cyber security concepts, vulnerability identification and cyber threat intelligence is necessary. 
Excellent communications skills, that includes the ability to provide formal documentation of analysis and/or research results to include briefings, reports, writing, training of lower tiers, and editing at a technical/professional level. 
Aptitude in solving problems independently. 
Sound decision-making ability. 
Must be detail oriented, well organized, thrive in a sense-of-urgency environment, leverage best practices, and most importantly, innovate through any problem with a can-do attitude. 
Strong analytical and time management skills. 
Work with minimal supervision as an individual contributor and as part of the team. 
Availability to work a flexible schedule including nights and weekends; CSARC is 24x7x365 environment. The role is shift work and requires team members to be on time daily. 

Preferred Qualifications 
Information Security Certification such as: Security+, CISSP, CISM, CISA, CEH, GCIH, GCIA, GCFA, GREM. 
Python scripting. 
Works well both in a team environment and independently. 
Requisition ID: 16000



. . . . . . . .

IT Security Analyst



Jabil Circuit – Saint Petersburg, FL

Monitors and reports security events in the Jabil enterprise. Performs daily health checks on security devices. 
Essential Duties & Responsibilities 
– Perform daily monitoring and reporting of security Events. 
– Study and Review device security logs. 
– Perform ad hoc reports from security tools as requested.
– Submit tickets to the Service Desk describing security incidents with supporting information or evidence. 
– Perform initial investigations from daily reports and monitoring. 
– Perform routine Health Check lists for Security tools. 
– Participate in projects as assigned. 
– Perform Mentoring and education for security staff members. 
– Drive continuous improvement through trend reporting analysis and metrics management. 
– Assure that procedures and work instructions are efficient and not redundant.
– Offers new ideas and suggestions for improvement. Identify and implement new practices and processes that are “best in field”. 
– Demonstrate a commitment to customer service; anticipate, meet and exceed expectations by solving problems quickly and effectively; making customer issues a priority. 
– Confer with reporting manager on complex or unusual situations. 
– Establish new measurement systems if/where possible. 
– Exchange knowledge and information with other Jabil facilities to ensure best practices are shared throughout the Jabil organization. 
– Maintain discretion and confidentiality in all areas pertaining to the IT systems, data and proprietary information, whether internal to Jabil or customer specific. 
– Interpret a variety of instructions furnished in written, oral, diagram or schedule form. 
– Understand and embrace the business and IT strategic direction. 
Education & Experience Requirements 
– Bachelor’s degree in Computer Science or Management of Information Systems. 
– Or 2 – 3 years equivalent external work experience or equivalent formal training in related duties. 
– 1 – 2 years experience in IT or security field. 

– Splunk Enterprise Experience Preferred but not required. 

Jabil offers competitive compensation, a comprehensive benefits program, and a supportive environment that provides learning and career development opportunities. Jabil is an equal opportunity employer.



. . . . . . . .

Cybersecurity Validator, Senior



Booz Allen Hamilton – Lexington Park, MD

Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering and innovation expertise.

Cybersecurity Validator, Senior

Key Role:

Provide Cybersecurity support, analysis, documentation, and validation services of Navy (DON) systems in accordance with DOD and DON policy to Navy organizations, including applications, systems, architectures, and infrastructure that are operationally viable and efficient. Apply design and policy knowledge to discover network and device vulnerabilities as a means of improving the security posture and analyze network and system ACAS vulnerability scans to validate the implementation of security controls in accordance with National Institute of Standards and Technology (NIST) publications. Perform validator actions in government mandated tracking tools and perform risk assessment of data and systems based on DoD compliance instructions and directives, including submission of completed validation specific artifacts. Provide expert technical and policy assessment regarding system hardening for Authorization to Operate submissions. Perform timely, accurate, and efficient Cybersecurity services to support program objectives and milestone requirements. Provide validation of security controls in compliance with the DOD, DON, FISMA, and other mandated policies and procedures and system life cycle support within Navy programs.

Basic Qualifications:

-5+ years of experience with providing Information Assurance and Cybersecurity within DoD environments

-Experience with the Navy Risk Management Framework process

-Experience with Cybersecurity and networking principles

-Experience with Intrusion Detection Technologies, Intrusion Prevention Technologies, Host Based Security System, and Assured Compliance Assessment System (ACAS)

-Knowledge of Risk Management Framework

-Knowledge of Windows and additional operating systems

-Active Secret clearance

-HS diploma or GED

-Level II or III DoDD 8140 Certification

Additional Qualifications:

-Experience with vulnerability scanners, eMASS, and STIGs

-Knowledge of hardening systems using Security Technical Implementation Guides (STIGS)

-Ability to show enrollment in Cybersecurity Workforce (CSWF)

-Possession of excellent oral and written communication skills

-BA or BS degree in CS, Information Systems Management, or Cybersecurity

-Certified as a Navy Qualified Validator (NQV)

-CISSP Certification preferred

Clearance: 
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

Integrating a full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems by their side to help them achieve their missions. Booz Allen is committed to delivering results that endure.

We are proud of our diverse environment, EOE, M/F/Disability/Vet.




. . . . . . . .

Information Security Senior



Freddie Mac – Reston, VA

Position Overview

The Information Security Operations supports several enterprise tools and systems that are the backbone for many of the critical applications and business processes. Information Security Operations team ensures and enhances the availability, reliability and accessibility of Information systems and tools through a cost effective standardized support model. We demonstrate Freddie Mac’s Information Technology (IT) department’s vision and alignment to the business objectives and strategy, present IT’s identity within the business model, execute IT’s vision through the established technology roadmap and partner in setting the strategic direction for vendor management and product roadmaps.

Responsibilities include:

  • Support monitoring & encryption systems and provide tool administration support
  • Perform daily system monitoring, verifying the integrity and availability of all hardware, server resources, systems and key processes, reviewing system and application logs, and verifying completion of scheduled jobs such as backups
  • Apply patches and upgrades on a regular basis, and upgrade administrative tools and utilities
  • Configure new and maintain existing services as necessary
  • Establish and maintain operational, configuration and other process/procedures to ensure effectiveness of new and existing detective and preventative configuration policies
  • Coordinate with other infrastructure, engineering and application project/support teams to ensure new policies/assets are deployed and issues impacting tools and systems are resolved quickly and effectively without adversely impacting the affected business systems
  • Install, configure, troubleshoot and support Data Security tools such as IBM Guardium, Vormetric Data Encryption, Symantec DLP, and Informatica DDM.
  • Draft and maintain technical installation, configuration and customization specification documents
  • Support planning, coordination and execution of system changes per established enterprise change process
  • Augment production support team to ensure 24/7 coverage and operations. Responsibilities sometimes require working evenings and weekends, sometimes with little advanced notice

Qualifications

  • 5-7 years of professional IT experience, with at least 3 years of information security experience
  • Bachelor's degree with a technical major, such as engineering or computer science or related working experience
  • Experience with Security products in a seasoned professional or senior role including experience with policy configuration, application integration and software deployment
  • Experience with administrating, implementing and supporting enterprise Data Security solutions.
  • Experience with developing and deploying connectors
  • Must have a good working knowledge of Unix commands, shell scripting (Unix, PowerShell, Python, etc.) and SQL
  • Ability to think critically to troubleshoot and fix identified system issues/failures, identify root cause and fix issues on a timely basis while maintaining the availability and integrity of the system
  • Experience implementing and/or maintaining Database Activity Monitoring (DAM), Vulnerability Management (VM), Baseline Security Compliance Monitoring and Data Discovery policies and processes
  • Knowledge and understanding of Unix commands, and other scripting languages

Preferred Skills

  • Experience with additional web application, network, desktop endpoint and server monitoring, log management (aggregation/correlation), public key infrastructure (PKI) and encryption Security solutions
  • Understanding of server/file encryption technology, encryption key management and information security policy
  • Advanced technical proficiency with Windows and Linux Server support and Systems Administration
  • Advanced knowledge of security concepts such as data loss prevention (DLP), web application firewall, infrastructure and web application vulnerability assessments, baseline hardening standards (CIS, DISA, etc.), endpoint protection is desirable
  • Experience with Unix, Windows, Database administration a plus
  • Splunk administration experience a plus
  • CISSP or Security+ certification a plus
  • Exceptional organizational skills with an ability to manage multiple priorities in a fast-paced dynamic environment
  • Proven written and verbal communication skills with both Business/Management and Technical/Engineering resources

Closing Statement

Today, Freddie Mac makes home possible for one in four home borrowers and is one of the largest sources of financing for multifamily housing. Join our smart, creative and dedicated team and you’ll do important work for the housing finance system and make a difference in the lives of others. Freddie Mac is an equal opportunity and top diversity employer. EOE, M/F/D/V.



. . . . . . . .

Senior Cyber Security Analyst/Penetration Tester



Alliance Data – Plano, TX

About the Opportunity 
Conduct cyber security assessments to proactively detect potential cyber weaknesses in order to minimize the impact of security incidents. Active threat-hunting and participation in response to cyber threats and incidents.

Responsibilities 
Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments 
Develop scripts, tools, or methodologies to enhance Alliance Data’s red teaming processes 
Analyze business impact and exposure based on emerging security threats, indicators of compromise, vulnerabilities, risks and legislation in order to adjust our overall security strategy accordingly 
Perform technical security assessments, code audits and design reviews as well as develop technical solutions to help mitigate security vulnerabilities 
Stay up to date and be an active participant in the overall cyber security industry

Qualifications 
Bachelor Degree in Computer Science, Information Systems, Engineering, preferred 
5-8 work experience involving actual cyber security or digital forensics duties 
OSCP, OSCE or equivalent penetration testing certification, preferred 
CISSP, CISM, CRISC, CISA or equivalent security, preferred 
Knowledge of software exploitation (web, client-server, mobile, and wireless) on modern operating systems 
Familiarization with XSS, SSJS, filter bypassing, SQL Injection, etc. 
Ability to automate tasks using a scripting language (Python, Perl, Ruby, etc.) 
Strong knowledge of networking protocols and packet analysis 
Ability to perform targeted penetration tests and exploitations without use of automated tools 
Well-versed in multiple security technologies such as Firewalls, IDS/IPS, Web Proxies and DLP among others 
Familiarity with common reconnaissance, exploitation, and post exploitation frameworks 
Deep understanding of cyber security concepts and ability to devise and execute appropriate solutions 
Experience with security industry standards, methodologies and regulations impacting the security space 
Analytical with strong problem-solving skills and exercises good, balanced decision making 
Flexibility to work independently, in teams and across the organizational hierarchy 
Strong oral and written communication skills 
Handle yourself and lead others in crisis situations 
Ethical character with ability to keep information confidential 
Comfortable working with law enforcement and other Government agencies 
Passionate about cyber security, a desire to protect and help people; positive attitude and enjoys constantly learning 
Willing to respond to emergency situations off-hours 
Business travel, as needed 

Alliance Data Pay Statement 
Alliance Data offers a competitive salary, a comprehensive selection of benefit options including 401(k). 

Conditions of Employment 
All job offers are contingent upon successful completion of drug screen and background checks. 

About Alliance Data 
Alliance Data® (NYSE: ADS) is a leading global provider of data-driven marketing and loyalty solutions serving large, consumer-based industries. The Company creates and deploys customized solutions, enhancing the critical customer marketing experience; the result is measurably changing consumer behavior while driving business growth and profitability for some of today’s most recognizable brands. Alliance Data helps its clients create and increase customer loyalty through solutions that engage millions of customers each day across multiple touch points using traditional, digital, mobile and emerging technologies. An S&P 500 and Fortune 500 company headquartered in Plano, Texas, Alliance Data consists of three businesses that together employ more than 17,000 associates at approximately 100 locations worldwide. 
Alliance Data’s card services business is a leading provider of marketing-driven branded credit card programs. Epsilon® is a leading provider of multichannel, data-driven technologies and marketing services, and also includes Conversant®, a leader in personalized digital marketing. LoyaltyOne® owns and operates the AIR MILES® Reward Program, Canada’s premier coalition loyalty program, and Netherlands-based BrandLoyalty, a global provider of tailor-made loyalty programs for grocers. 


Alliance Data is an Equal Employment Opportunity employer 

Alliance Data participates in E-Verify



. . . . . . . .

Cyber Security Analyst



UL LLC – Northbrook, IL

Overview

Other companies make products. We make a difference!

Contribute to a Safer, More Secure, and More Sustainable World.

At UL, we know why we come to work. Thousands of us around the world wake up every day with one common purpose – to make the world a safer, more secure, and more sustainable place to live. We clear the way for our customers to introduce the latest products, technological advances, and systems in an increasingly complex world so they can provide peace of mind to the market. Our integrity is woven throughout our company and shapes the way we approach and deliver our solutions. We are proud that the work we do every day has a meaningful contribution to society. We continue to build upon our legacy of trusted expertise and partnership to keep our communities safe and secure as we march forward into the future. This helps us to sleep better at night, and we are confident that the millions of people we touch rest easier too.

Seeking a highly technical hands on individual with penetration testing, ethical hacking or software development experience. Ideally the candidate will have a background and domain experience in embedded product and software testing. The candidate will conduct advanced penetration tests, hacking to identify issues in embedded products and software as well as vulnerability testing, risk analyses and security assessments.

Responsibilities

  • Reviews security and network events that are populated in a security information and event management (SIEM) system.
  • Investigates intrusion attempts and performs in-depth analysis of exploits.
  • Provides network intrusion detection expertise to support timely and effective decision making of when to declare an incident.
  • Conducts proactive threat research.
  • Analyzes a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident.
  • Independently follows procedures to contain, analyze, and eradicate malicious activity.
  • Documents all activities during an incident and provides leadership with status updates during the life cycle of the incident.
  • Creates final incident report detailing the events of the incident.
  • Provides information regarding intrusion events, security incidents, and other threat indications and warning information.
  • Assists with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
  • University Degree (equivalent to a Bachelor's degree) in Computer Science, Information Systems Security, or a related discipline, plus generally two years of experience with security operations, computer network defense, or intelligence analysis.
  • Performs other duties as directed.

Qualifications

  • Position requires minimum BS in Computer Science and/or related technical field or equivalent experience.
  • Minimum of two (2) years’ experience in cybersecurity, software development, and ethical hacking.
  • Experience scripting in one (1) or more of the following languages: sh, csh, perl, python, awk, ruby and programming experience in C, C++, Java.
  • Skilled in configuring a basic network.




. . . . . . . .

Cyber Security Engineer



Solidyn Solutions, Inc – United States

Polaris Alpha (EOIR Technologies) is seeking a Cyber Security Engineer to support the System Administration, Information Assurance and ATO process for research and development (R&D) laboratories at one of the Army’s R&D Centers of Excellence, CERDEC I2WD located in APG, Maryland.
As a member of the Polaris Alpha team, the Cyber Security Engineer will have opportunities to provide technical expertise with systems security, IA, and engineering across multiple Labs. A key role will be to support the Lab’s Accreditation & Authorization (A&A) efforts including: 

  • Implement the Enterprise Mission Assurance Support Service (EMASS) and DoD Risk Management Framework (RMF) lifecycle
  • Perform computer and/or network security vulnerability assessments.
  • Analyze and evaluate vulnerability results to determine, recommend, and develop solutions to reduce risks, threats, and vulnerabilities.
  • Develop and review security documentation (POA&Ms, SCTM, SSP)
  • Update eMASS project details and records

REQUIRED SKILLS 

  • BS (MS preferred) in Computer Science/Engineering or similar field
  • 5+ years’ experience in implementing the EMASS and RMF lifecycle
  • Must possess DoD 8570 compliant security certifications to meet IAT requirements (Security+, etc)
  • Experience with DIACAP, RMF, ICD 503, CNSSI 1253 and NIST Special Publications.
  • Experience writing, developing and reviewing security documentation such as POA&Ms, SCTM, SSP
  • Demonstrated knowledge of Information Assurance (IA) and enterprise IA solutions
  • Experience selecting, assessing, and engineering security controls via NIST SP 800-53 and CNSSI 1253
  • Experience providing engineering analysis, design and support for cross-domain solutions (CDS), firewalls, routers, network devices and operating systems
  • Experience in performing security audits and intrusion detection system logs for system and network anomalies
  • This position requires the selected candidate to hold (or to be able to obtain) an active Department of Defense TS/SCI level security clearance, with CI Poly which requires US citizenship while working in support of a government contract.



. . . . . . . .

Cybersecurity Analyst



Caesars Enterprise Services – Las Vegas, NV

ESSENTIAL JOB FUNCTIONS

The Cybersecurity Operations Sr. Analyst for Caesars is responsible for implementing the Cybersecurity program and strategy at a tactical and operational level (network, infrastructure, applications and databases) to ensure that security controls are functioning efficiently and effectively, more specifically in the realm of security logging, monitoring, alert management, incident handling, vulnerability and configuration management. Furthermore, this position also supports the Cybersecurity Team in doing security research and development, product evaluations, consulting, project support, and any other operational tasks needed to support the overall requirements of the program and strategy.

The Cybersecurity Operations Sr. Analyst provides technical expertise to establish and implement security related standards, procedures, and guidelines appropriate to securing the existing environment in partnership with various properties and Information Technology. The optimal goal is to design and implement controls and processes, risk mitigation techniques, and standardized information security solutions that will allow a sensible balance between risks and business operations.

Responsibilities include, but may not be limited to the following: 

Risk, Compliance & Policy Management 

  • Providing technical and operational input to management for all applicable security policies, standards, risk/threat models, procedures, and guidelines that will assist the IT teams in integrating security requirements within their networks, systems, applications and databases
  • Ensuring published security standards, procedures, and guidelines are adhered to by conducting security assessments over the network and the resources attached to it
  • These functions are executed in close collaboration with the Risk & Compliance Lead

Research & Development 

  • Providing technical briefings to management and other IT engineers, analysts, project managers, etc.; contributing to the technical understanding and promotion of new and existing information security standards, solutions and tools; serving as a technical communication channel to the SecOps Manager
  • Providing R&D and consulting support to the Cybersecurity team, IT and business projects as needed

Documentation, Reporting & Analytics 

  • Implementing regular metrics and statistics about our business and IT environment; analyzing trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; reporting security metrics and statistics to the CISO and other key stakeholders such as the CTO
  • Documenting and following-up on all security exceptions relating to IT and property activities that could negatively impact security risks and/or not adhere to established policies, standards, or procedures

Operational Planning & Management 

  • Performing technical security risk assessments and security exposure analysis of systems, networks, business applications and databases: identify, document, and report security issues and concerns to management; follow-up on action items to resolve security exposures; report on vulnerability findings and other security-related gaps to management
  • Managing the technical aspect of various audits, PCI, assessments, etc. to ensure that all outstanding findings and gaps are resolved by the various properties and IT; signing-off on final remediation; this activity is executed in close collaboration with the Risk & Compliance Lead
  • Analyzing and optimizing technical solutions and processes for monitoring the security health of the company’s infrastructure (IDS/IPS, firewalls, servers, clients, applications, databases, spam tools, spyware tools, computer forensics tools, integrity checking tools, encryption key management tools, etc.) – through regular logging, monitoring, scanning, response, investigation, post-mortem
  • Managing the relationship with the SOC and other business units to analyze all security-related events and activities to provide daily, weekly, and monthly reporting of statistics and metrics; Acting as the “hub” to security events and activities on the network and its resources (servers, clients, routers, firewalls, Intrusion Detection Devices, etc.) and route them to the appropriate groups for action
  • Providing input to audit and other assessment requirements from clients, customers, and other third-parties; main SME on IT and business projects
  • Managing the end-to-end Incident Response (IR) process, including escalation of critical events and activities to Security Management and other designated stakeholders; including following-up on security-related events and activities to ensure that they have been correlated, analyzed, acted upon, closed, and reported
  • Assisting in the technical, day to day tasks as part of the implementation of new processes and tools linked to several key capital projects such as: Vulnerability Scanning of Network and Systems, SOC, IPS, Certification, etc.
  • Providing understanding of network and system security and influence the IT Teams (as well as the business segments) in integrating security in the design of networks and implementation of systems
  • Main point person in Cybersecurity for all IT and property projects providing security consulting on policies, standards and other solutions; work with the other Cybersecurity team members as needed to obtain end-to-end input to projects not only from a technical perspective but also from a compliance, risk and application perspective

KNOWLEDGE AND EXPERIENCE 

5-7 + years work experience in security operations, network security, infrastructure security, Windows/Unix systems/security, etc. 

Experienced in several security tools (IPS/IDS, DLP, scanners, forensics tools, ethical hacking tools, etc.) and very knowledgeable in security processes. eDiscovery and forensics investigations a plus. 

EDUCATION

Bachelor’s degree in Information Systems, Computer Science or technical training equivalent. CISSP, CISA, CISM, GSEC, or related certification(s) preferred.

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. 

Caesars Entertainment reserves the right to make changes to the job description whenever necessary. 

As a part of Caesars Entertainment’s employment process, finalist candidates will be required to complete a drug test and background check prior to an offer being extended. Caesars Entertainment Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, national origin, gender, age, religion, disability, sexual orientation, veteran status, or marital status.



. . . . . . . .

STATE IT SECURITY SPECIALIST



Arkansas Department of Human Services – Little Rock, AR

Summary 

The State Information Technology (IT) Security Specialist is responsible for determining solutions for network access problems and implementing statewide network security policies and procedures. This position is governed by state and federal laws and agency policy. 

Typical Functions 

Determines problems and implements solutions for reported network access problems. Ensures network (LAN/WAN, telecommunications, and voice) security access and protects against unauthorized access, modification, or destruction. Trains users and promotes security awareness to ensure system security and to improve server and network efficiency. Monitors use of data files and regulates access to safeguard information in computer files. Analyzes network traffic and security system logs statewide to identify security threats and incidents. Encrypts data transmissions and erects firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers. Documents computer security and emergency measures policies, procedures, and tests. Performs other duties as assigned. 

Special Job Dimensions 

Participates in the on-call schedule for the agency. 

Knowledge, Abilities, and Skills 

Knowledge of LAN/WAN, telecommunications, voice, computer systems design, computer systems administration. Knowledge of writing computer programs for various purposes. Knowledge of security applications analysis, how a security application should work, and how changes in conditions, operations, and the environment will affect outcomes. Ability to determine causes of security software operating errors and determine solutions. 

Minimum Education and/or Experience 

The formal education equivalent of a bachelor’s degree in computer science, mathematics, or a related field; plus three years of experience in information technology security analysis and development or a related field. OR Completion of technical training in computer science, data processing, or a related field acquired from a vocational, military or industrial setting; plus three years of experience in information technology security analysis and development or a related field. Additional requirements determined by the agency for recruiting purposes require review and approval by the Office of Personnel Management. OTHER JOB RELATED EDUCATION AND/OR EXPERIENCE MAY BE SUBSTITUTED FOR ALL OR PART OF THESE BASIC REQUIREMENTS, EXCEPT FOR CERTIFICATION OR LICENSURE REQUIREMENTS, UPON APPROVAL OF THE QUALIFICATIONS REVIEW COMMITTEE.

Preferred Qualifications 

This position monitors security access and network traffic and leads forensics investigations to determine the threat and scope of security incidents and policy violations. CISA, CISSP, InfoSec, CompTIA Security+ or similar level of security certification desired, in addition to experience utilizing FTK, EnCase, or other similar forensic analysis tools. Prefer (3)+ years of law enforcement experience as a sworn federal, state, or local police officer.

Certificates, Licenses, Registrations 

Agency Specific Information 

Division Name 

Chief Information Officer 

Hiring Official 

Laurence Flaxman 

Special Work Condition 

The starting salary for this position is $57,755.30 annually. This position is located in Little Rock, AR. 

Could be some over-time and travel. 

Special Application Information 

GENERAL INFORMATION:
All DHS applicants must complete drug screening, as outlined in DHS Policy 1087, prior to being hired. 

Applications are prescreened according to the state application, addenda, résumé, transcript, licenses and any other information that is submitted. Only transcripts should be submitted at the time of applications; reference letters, certificates, and licenses should be brought at the time of interview. Failure to complete the application form according to instructions with complete and accurate information will adversely impact your comparison to other candidates. List all prior work experience, including military service, with most recent employment first. You may include volunteer or unpaid work as part of your work history; however, you should include the number of hours per week which you performed these duties. 

False, misleading, or incomplete statements may result in disciplinary action and possible termination. 

Benefits package may include: health & life insurance, vacation & sick time, paid holidays, credit union membership, retirement, career bonus, and deferred compensation. 

CONTINUOUSLY ADVERTISED POSITIONS:
Submitting an application for a continuously advertised position does not guarantee that a job is available for that position title; e-mails stating that the applicant meets the minimum qualifications for a position are for future reference. Applications submitted for continuously advertised positions are kept on file for 60 days. As jobs for that position title become available, eligible applications in that file that match the county and division criteria will be considered. On your application you should have designated in which counties and divisions you are willing to work. Please keep in mind that you will not appear on hiring lists for counties you do not designate. Do not select “statewide” from this county list. 

*************************************************************** 

FOR ALL FAMILY SERVICE WORKER POSITIONS ONLY:
Applicants must submit an official transcript by mail in addition to applications for all levels of Family Service Worker positions except for Family Services Assistant positions. Transcripts will remain on file for future applications. The following Bachelor’s, Master’s, and Doctorate degrees are valid for such Family Service Worker-type positions: 

Behavior Science 

Child and Family Development 

Child Development 

Counseling (any field) 

Criminal Justice 

Education: Early Childhood, Elementary, Middle Level, Secondary, or Special 

Family & Consumer Science 

Family Development 

Family Services 

Home Economics 

Human Development & Family Studies 

Human Services 

Psychology 

Rehabilitation Science 

Social Welfare 

Sociology 

Social Work 

Mail your transcript to the following address:
Arkansas Department of Human Services 

Attn: Recruitment 

P.O. Box 1437, Slot W301 

Little Rock, AR 72203 

The transcript must be an official transcript sent from the university or college you attended. The transcript must still have the envelope sealed with the security seal affixed. Once the seal is broken, the transcript is considered void.



. . . . . . . .

Cyberspace Intel Analyst II: Cyber Ops Coord/Decon Job



SAIC – Fort Meade, MD

Cyberspace Intel Analyst II: Cyber Ops Coord/Decon (Job Number: 431406) 

Description:
The National Security Customer Group of SAIC currently has a contingency full-time position for a Cyberspace Analyst to support the United States Cyber Command (USCYBERCOM) J3, Fort Meade, Maryland. 

JOB DESCRIPTION:
The successful candidate communicates complex programmatic cyber planning information, orally and in writing, and elicits understanding and support from professional peers and non-specialists. Demonstrates broad, expert knowledge of the Command’s Cyber missions, authorities, and capabilities as well as equivalent information regarding the roles and responsibilities of the Command’s external program partners, which include (but are not limited to) other DoD commands and agencies, other U.S. Government agencies and key partners. Evaluates and conducts development of Cyberspace Operations (CO) requirements and assists in creating CO Lines of Operations (LOO). The Operational Orders Coordination Support Analyst will integrate, synchronize, and phase actions of the joint force components and supporting organizations. Develops, coordinates, and maintains USCYBERCOM orders and directives and assists Action Officers throughout the orders process in accordance with the USCYBERCOM Instruction for Operations Order Procedures. Reviews draft orders for adherence to USCYBERCOM Operations Order Procedures, providing feedback to Action Officers, and assisting in coordinating drafts and obtaining approvals. Advises USCYBERCOM Leadership on all aspects of orders processing and updating SOPs and USCYBERCOM Instructions for OPORD Procedures. Provides notification to Action Officers on updates to the Orders Process and Procedures. Participates in operation planning meetings to capture new order requirements or refine current orders. Develops and maintains a tracking system/database of all orders, acknowledgement status, associated schedules, and action checklists. Provides daily, or upon request, status briefings of detailed status of ongoing orders and those pending release, to include acknowledgement status by tasked commands, and pending or follow-up actions.
Monitors, coordinates, deconflicts, synchronizes, and reports on the current status of order products and order conflicts and compliance with USCYBERCOM staff elements, JFHQs, subordinate headquarters, CCMD, components, and agencies, and facilitates resolution that may span multiple areas of responsibility. Provides training on the orders development and routing processes to designated personnel in order to develop a more capable force; and assists with transitioning cyberspace plans into the proper order format, informing USCYBERCOM personnel on the orders development, review, and release process, and clarifying J-code staffing process in accordance with the USCYBERCOM Instruction for Operations Order Procedures.

Daily activities include:

  • Provides technical expertise for the identification, development and prioritization of cyberspace operations requirements, processes, procedures, and governing directives
  • Assists in conducting cyberspace operations and defense of the DoD Information Network (DODIN)
  • Provides situational awareness (SA) of cyber incidents, health, performance, availability, and reliability of the DODIN
  • Identifies issues and priorities affecting operations
  • Supports the creation, dissemination, and compliance of applicable orders and directives to the DOD community
  • Addresses areas of concern for the development of cyberspace capabilities for cyberspace operations
  • Prepares and modifies requirements to develop cyberspace capabilities based on the changing cyberspace environment for appropriate Government review, validation, and prioritization
  • Analyzes capability development requirements, concept of operation documents, and system architectures
  • Utilizes automated capabilities to assess risk to DODIN assets
  • Assists in identifying and prioritizing requirements for capability development efforts
  • Analyzes proposed capabilities, recommends COSs, and develops solutions to address areas of concern for shortfalls
  • Develops, maintains, and automates metrics to assess USCYBERCOM operational Measures of Effectiveness and Performance (MOE/MOP)
  • Develops concept papers, technical white papers, and related documentation detailing cyber security practices for implementation throughout DOD
  • Analyzes vulnerabilities with known exploits that do not have vendor-provided mitigation or remediation action
  • Conducts research that focuses on rapidly emerging cyber threats and cyber adversary Tactics, Techniques, and Procedures (TTPs)
  • Collaborates with internal and external partners to facilitate cyber SA and information sharing
  • Assesses the development of cyberspace capabilities to validate USCYBERCOM requirements

Qualifications 

REQUIRED QUALIFICATIONS:

  • Minimum six (6) years of experience as a Cyberspace Analyst or a related functional area
  • Minimum of Bachelor’s Degree or additional 4 years of experience in lieu of degree, or 4 years of experience with a Master’s Degree
  • Strong attention to detail and organizational skills.
  • Excellent communications skills
  • Strong analytical and problem solving skills

SECURITY CLEARANCE:

  • ACTIVE TS/SCI with Polygraph

SAIC Overview: SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC is Redefining Ingenuity through its deep customer and domain knowledge to enable the delivery of systems engineering and integration offerings for large, complex projects. SAIC has approximately 15,000 employees who are driven by integrity and mission focus to serve customers in the U.S. federal government. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $4.5 billion. For more information, visit saic.com.

EOE AA M/F/Vet/Disability 

Job Posting: Oct 9, 2017, 4:00:00 AM 
Primary Location: United States-MD-FORT MEADE 
Clearance Level Must Currently Possess: Top Secret/SCI with Polygraph 
Clearance Level Must Be Able to Obtain: Top Secret/SCI with Polygraph 
Potential for Teleworking: No 
Travel: Yes, 25% of the time 
Shift: Day Job 
Schedule: Full-time



. . . . . . . .

Specialist, Sys/Data Security



Bank of America – Charlotte, NC

Job Description:

Overview

The Global Information Security (GIS) Identity and Access Management (IAM) organization defines policy and delivers capabilities to empower the bank to better control access to its data, systems, and infrastructure. An Authentication Controls Lead joining the team will be responsible for leading, organizing, and implementing a variety of activities related to governance of authentication controls, under the direction of the Authentication Controls Owner. The Authentication Controls Lead will perform key activities to provide assurance that IAM controls requirements are being adhered to across the company, have appropriate testing, are performing effectively and reporting exists for transparency to senior leaders. Primary responsibility will be development of processes to maintain an accurate inventory of authentication solutions and processes used throughout the bank. Additionally, this person will assist with development of the authentication process assessment to determine effectiveness of controls and adherence to policy, and with reporting of adherence levels and control effectiveness metrics.

Required Skills and Experience

  • 5+ years of relevant experience in application or technology infrastructure governance or authentication solutions
  • Ability to build relationships and partnerships across organizations to achieve common objectives
  • Ability to work independently
  • Strong attention to detail, confident enough to raise questions and escalate when necessary

Desired Skills and Experience

  • Bachelor’s degree in Information Technology or related field
  • Experience with process design or process improvement methodologies
  • Design of technology solutions that are highly integrated with other systems of record, including related information architecture and data integrity controls.
  • Ability to define and implement QA testing, measurement, and controls activities
  • A broad knowledge of information security principles (e.g. Identity and Access Management)
  • Functional experience with authentication technologies, tools, or processes
  • Leadership and influencing skills required to manage and influence senior stakeholders
  • Working knowledge of Bank systems of record for business application and technology components.

Shift:

1st shift (United States of America)

Hours Per Week:

40



. . . . . . . .

Manager, Info Security



General Dynamics Information Technology – Crystal City, VA

1. Manages the security of information systems assets and the protection of systems from intentional or inadvertent access or destruction.

2. Supervises assigned staff.

3. Recognizes potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.

4. Performs preliminary forensic evaluations of internal systems.

5. Interfaces with client to understand their security needs and oversees the development and implementation of procedures to accommodate them.

6. Ensures that the user community understands and adheres to necessary procedures to maintain security.

7. Weighs business needs against security concerns and articulates issues to management and/or customers.

8. Maintains current knowledge of relevant technology as assigned.

9. Provides guidance in the creation and maintenance of Standard Operating Procedures and other similar documentation

10. Participates in special projects as required.

Education

Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.

Qualifications

8-10 years of related experience in data security administration, including supervisory experience.

5 or more years supporting DoD customers or an equivalent large, complex government agency.

SKILLS AND ABILITIES

  • Advanced knowledge of data security administration principles, methods, and techniques.
  • Effective supervisory skills.
  • Certification in one or more specific technologies may be required, depending on job assignment.
  • Requires familiarity with domain structures, user authentication, and digital signatures.
  • Requires understanding of firewall theory and configuration.

CONTRACT SPECIFIC REQUIREMENTS

  • Secret Clearance
  • IAM II

Experience with the following:

  • Demonstrated successful track record for delivering large/complex projects on time and within budget within DoD Organizations
  • Demonstrated expert-level knowledge in the identification, design, development and maintenance of a metrics program related to cyber security in an organization of similar size and scope.
  • Demonstrated expert-level knowledge in planning, directing, and managing cyber security governance programs and processes in large complex organizations. This demonstrated experience includes the development of a framework and business rules related to the management of cross functional relationships, roles and responsibilities and establishment of cyber security goals and objectives.
  • Demonstrated experience with knowledge management best practices and using practices to develop, promote and monitor cyber security programs to ensure that management of security related topics and issues are properly accounted for.
  • Demonstrated knowledge and experience coordinating, collecting, and analyzing security relevant data in order to brief senior government leads on the risk posture of an enterprise.
  • Proven ability to multi-task, prioritize and present to government allowing the government to make risk based decisions based on the information presented.
  • Knowledge with providing review and preparation of governance materials, meeting preparation and capturing information from governance meetings.
  • Demonstrated ability of performing governance management at either an enterprise or IT service functional level.
  • Demonstrated expert-level knowledge in planning, directing, and managing an organization's cyber security policies related to DoD 8500 series, NIST SP 800 series, DoD regulations and instructions to include: 8570-01, DoDI 8530.01, CJCSI 6510.01 as well as Risk Management Framework (RMF). Demonstrated expert level knowledge and experience related to organizational communication plans and communication of cyber related policies to all organizational entities for applicability and guidance.
  • Demonstrated experience with the development of organizational policies, and the application of organizational level compliance standards in order to develop policies that can be applied within an organization.
  • Demonstrated IT experience in a DOD environment, including utilization of knowledge management practices and technologies, and interacting with and briefing senior government leaders.
  • Familiarity and understanding of DoD 8500 series, NIST SP 800 series, DoD regulations and instructions to include: 8570-01, DoDI 8530.01, CJCSI 6510.01 as well as Risk Management Framework (RMF).

As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors. With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.



. . . . . . . .

Cyber Security Analyst III



BankUnited – Miami Lakes, FL

This position is responsible for the proactive assessment and analysis of threat information, understanding threats as they relate to the organization, and implementing measures to prevent or combat existing and potential threats. 

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties and special projects may be assigned. 

  • Assist in performing intelligence analysis, making predictions about cyber criminals and their future activities based on what is already known about them.
  • Maintain knowledge of the current security threat level by monitoring related Internet postings, Intelligence reports, and other related documents as necessary.
  • Conduct technical research by collecting information about internet-based malware-related criminal activities and the people behind them.
  • Assist in the analysis of cyber network events and determine impact on current operations through all-source intelligence.
  • Assist in the gathering and analysis of the current and future threat landscape, and assist the Cyber Security Manager in providing leadership with a realistic overview of risks and threats in and to the organization.
  • Provide advice on IT initiatives, IT business projects, and IT engineering in regards to security industry best practice.
  • Develop and produce reports on all activities and incidents to help maintain day to day status.
  • Develop and report on trends, and provide focus and situational awareness on all issues.
  • Monitor intrusion detection and prevention systems and other security event data sources.
  • Work closely with IS operations, network and system administrators, other appropriate IS groups and business lines to determine the risk of a given event.
  • Implement and monitor controls necessary to ensure processes are performed and are effective to protect the environment from all forms of malicious cyber activity.
  • Assist in establishing procedures for handling each security event detected.
  • Determine if security events monitored should be escalated to incidents and follow all applicable incident response and reporting processes and procedures.
  • Keep abreast of emerging technology and public policy trends in the information security space.
  • Perform additional duties, as assigned.

QUALIFICATIONS/COMPETENCIES:

  • Firm understanding of penetration testing and vulnerability assessments.
  • A strong networking background.
  • Demonstrated understanding of TCP/IP networking.
  • Must have strong incident handling experience including knowledge of common probing and attack methods, network/service discovery, system auditing, viruses, and worms.
  • Experience with security testing of enterprise networks through ethical hacking a plus.
  • Experience responding to incidents in a 24/7 environment.
  • Experience working in the finance industry dealing with sensitive data preferred.
  • Cyber security analysis, incident response, or related security experience preferred.
  • Strong analytical and problem solving skills.
  • Good interpersonal, organizational, writing and communications skills.
  • Ability to work well in a team environment as a whole.
  • Self-motivator who monitors the news and threat reports in order to ascertain the potential risks to the company.
  • Experience with cloud security technologies a plus.

EDUCATION and/or EXPERIENCE:

  • Bachelor’s Degree or higher in Computer Science, Information Assurance, Cyber Security or related field or equivalent combination of work.
  • At least 5 years working in a technical role in Information Security
  • In depth experience with Information System Security (ISS), PKI, firewalls, intrusion detection/protection and related vulnerability assessment tools for network periphery and internal network/service discovery and topology mapping
  • Strong experience with various technologies including forensic tools, network monitoring tools, host security prevention tools, etc.
  • Demonstrate the ability to communicate clearly, to both technical and non-technical audiences, risks, threats, and vulnerabilities identified during assessments.
  • Provide leadership and strategic direction to junior staff

CERTIFICATIONS: CISSP, CCSP, CEH, SSCP, Security+, Certificate in Cyber Security, or related certifications strongly preferred.



. . . . . . . .

Security Operations Analyst



Holland America Line Inc – Seattle, WA

Seattle, WA 

We are committed to our mission: Through excellence, we create once-in-a-lifetime experiences, every time. 

We welcome your interest in joining the Holland America Group – a division of Carnival Corp. The Holland America Group includes Holland America Line and Seabourn (both headquartered in Seattle, Washington), Princess Cruise Lines (headquartered in Santa Clarita, California), and P&O Australia (headquartered in Sydney). The Holland America Group operates a combined total of 41 cruise ships with over 50,000 employees worldwide. This position will be located in our Seattle offices. 

Job Details 

The Security Operations Analyst assists in developing and maintaining an integrated security program to protect the integrity, confidentiality, and availability of information systems assets. Performs security administration functions and provides technical support on security related issues to end-users. Responsible for monitoring computing practices to ensure that individual and departmental access and rights, resources, and information are secure.

Responsibilities: 

  • Perform security monitoring functions on various platform types: network devices, servers, applications, and databases.
  • Monitor SIEM (firewalls, servers, web proxies), IDS/IPS, WAF logs to identify malicious activity and attack patterns and participate in the incident response process when suspicious activity is noted.
  • Monitor security related websites and email distributions to possess knowledge of common exploits, vulnerabilities and countermeasures. Escalate any high risk security threats to the Information Security Management.
  • Prepare and analyze incident investigation reports on security violations reported by end-users or noted through the monitoring process, in accordance with defined investigation procedures.
  • Assist in implementation of corporate security policy functions/procedures that align to security mandates/standards that include Sarbanes-Oxley, HIPAA, and PCI compliance.
  • Routinely monitor and perform periodic audits to ensure production environments maintain necessary controls, integrity, and accessibility of data. Analyze vulnerabilities and develop recommended action plans to mitigate risks.
  • Perform policy compliance (hardening) checks to enforce security standards on network devices, endpoints (Windows, Open Systems, etc.), databases, and enterprise applications.
  • Configure and monitor security products, which include: anti-virus (A/V), APT, DLP, WAF, web content filtering, IDS/IPS, vulnerability scanners, forensics tools, SIEM, database monitoring, and e-mail content filters.
  • Handle vulnerability management process, which includes: scoping, vulnerability scanning, penetration testing, reporting, ticket administration, and remediation follow-up tasks.
  • Recognize and identify potential gaps in areas where existing data security policies and procedures require changes, or where new ones need to be developed, especially regarding future business expansion.
  • Coordinate information between GISCS and other departments to ensure security measures are enforced as requested by his/her manager.
  • Assist in maintaining policy and procedures that are designed to protect designed computer programs, databases and data files from unauthorized or accidental duplication, modification or destruction.
  • Support on-call rotation to respond to critical alerts and/or security incident escalations.
  • Perform other information security system functions, as assigned by the Information Security Manager/Supervisor.

Requirements: 

  • Bachelor’s degree in management information system, computer science, or related work experience
  • 2 years’ experience within information security or network security
  • Experience working with the following solutions: anti-virus, APT detection, data loss protection (DLP), WAF, web content filtering, IDS/IPS, vulnerability scanners, forensics tools, SIEM, DB monitors.
  • Experience working with networking device components (i.e., managed switches, routers, and firewalls).
  • Experience managing web content filtering, spam e-mail filtering, and e-mail related incidents.
  • Experience with managing vulnerability scanning (static/dynamic) and penetration testing.
  • Familiarity with fundamentals in networking/distributed computing environment concepts; ability to configure and/or correlate information in DNS, and understands basic network routing concepts.
  • Broad technical knowledge and experience which includes the following: TCP/IP, Active Directory, Microsoft Windows platforms (desktop/server), Open System platforms (desktop/servers), database platforms (SQL/Oracle) 
  • Programming and/or scripting experience preferred (e.g., Perl, Batch, or C) 
  • Service-oriented and must work easily with end users, IT administrators, and management. 
  • Industry recognized technical certification desired (MCSE, CCNA, CISSP, CISA, Security+) 
  • Excellent oral and written communication skills 
  • Ability to administer and interpret information security policies 
  • Strong organizational and analytical skills 
  • Ability to multi-task and handle changing priorities 

Benefits… 

  • Flexible Work Schedule! – 9/80 alternative workweek schedule option providing each employee with one (1) weekday off every two weeks.
  • Time off benefits – 8 paid holidays, paid vacation and paid sick time
  • Travel – Generous Cruise and Travel Privileges for you and your family
  • Health – Complete benefit plans including medical, dental, vision and flexible spending accounts
  • Wellness – Health and wellness programs include discounted health benefits and memberships
  • Tuition Reimbursement – Up to 80% with a maximum of $2000 per fiscal year
  • 401(k) – Company match of 33% on employees’ first 6% contribution with 100% vesting after 4 years of service
  • Profit Sharing Plan – Eligible after 1 year of service
  • Employee Stock Purchase Plan – Discount on Carnival Corporation stock
  • Training – In-house Discover University courses on professional development
  • Rewards & Incentives – Employee Recognition and Reward Programs; rideshare, financial commuter incentives; special employee discounts for local venues, banking services and retail stores



. . . . . . . .

Information Systems Security Analyst Sr



CSRA – Beavercreek, OH

Clearance Level Must Currently Possess:

Public Trust

Clearance Level Must Be Able to Obtain:

No Active Clearance Required

Suitability:

No Suitability Required

Job Family:

Information Technology

Job Description:

Designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions. Conducts risk and vulnerability assessment at the network, system and application level. Conducts threat modeling exercises. Develops and implements security controls and formulates operational risk mitigations along with assisting in security awareness programs. Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access. Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. Prepares security reports to regulatory agencies. Audits and manages access management. 

DESIRED QUALIFICATIONS: BS or equivalent + 5 yrs related experience, or MS + 3 yrs related experience

# of Openings:

1

Scheduled Weekly Hours:

40

Telecommuting Options:

Telecommuting Not Allowed

Work Location:

USA OH Beavercreek – 3560 Pentagon Blvd (OHC020)

Additional Work Locations:

CSRA is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.



. . . . . . . .

Sr IT Project Manager



YRC Freight  – Overland Park, KS

Responsible for planning, scheduling and coordinating large-scale, complex technical projects. Responsible for managing project deliverables, status and quality elements throughout the lifecycle of projects spanning multiple functions, departments and business units. This includes project definition/scoping, estimation, technical architecture & design, implementation, testing, deployment and transition activities. The Senior Project Manager acts as a single interface point for clients, project teams, vendors and sponsors. The Senior Project Manager ensures program scope is in line with enterprise goals and is the focal point for ensuring projects are delivered on-time and meeting business objectives.

The projects managed by the Senior Project Manager have substantial complexity and organizational impact. Examples include business and system implementations; hardware, network and systems upgrades affecting all or significant portions of the organization and the implementation of systems impacting the financial standing or overall welfare of the corporation.

ESSENTIAL DUTIES AND RESPONSIBILITIES

  • Plan, schedule and manage large-scale, long term technical projects. Seek multiple department input throughout the major phases of project management: initiation, planning, analysis, build, execution, closeout and monitoring.
  • Provide coordination between multiple technical and business teams including DBAs, Server Administrators, Architects, Infrastructure Analysts, Developers, Operations Analysts and business contacts.
  • Utilize accepted project management techniques to develop and maintain project plans and manage project quality.
  • Manage project budgets and authorizations for expenditures.
  • Complete projects on time and within budget guidelines to ensure company and project objectives are achieved.
  • Translate technical details for people with varied levels of knowledge.
  • Identify and coordinate opportunities for the implementation of best practices and process improvements.
  • Coordinate project related change management activities – oversight, scheduling, communication and conflict resolution.

Qualifications

MINIMUM REQUIREMENTS

  • Bachelor’s degree in Business or IT discipline or equivalent experience.
  • Five (5) years’ experience managing large-scale, complex projects.
  • Agile/Scrum project experience. Certified Scrum Master preferred.
  • Demonstrated success managing and providing technical leadership for complex and large scale projects.
  • Advanced understanding of IT disciplines and supporting technologies.
  • Proven experience implementing complex technical solutions.
  • Strong technical understanding of software development lifecycle, methodologies, and configuration management.
  • Excellent oral and written communication skills in English; ability to read, analyze and interpret technical documents; ability to effectively communicate technical concepts and processes in simple terms.
  • Proven ability to manage multiple concurrent projects.
  • Strong organizational and leadership skills.
  • Effective verbal, written and interpersonal communication skills.
  • Ability to drive application development projects.

PREFERRED QUALIFICATIONS

  • Freight or freight related industry experience.
  • Agile Scrum Master, PMP or Six Sigma Certification.

WORKING CONDITIONS

This job operates in a professional office environment indoors. Routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets, and fax machines.

PHYSICAL DEMANDS

The position requires the ability to spend long hours sitting or standing while using office equipment and computers. Ability to perform repetitive tasks such as typing and keying. Occasional lifting, pushing/pulling, carrying of 10 lbs of parts, supplies and materials is required.

YRC Worldwide is an Equal Opportunity/Affirmative Action Employer
Minorities/Females/Persons with Disabilities/Protected Veterans



. . . . . . . .