Apex Systems
Cybersecurity Analyst
The purpose of this position is to provide cybersecurity services in the operation of the cybersecurity program. The ideal candidate will be a team player who has experience with large enterprise cybersecurity programs including vulnerability management, security and event monitoring, threat evaluation, risk management, incident response, and compliance activities. The engineer will mentor junior cybersecurity team members, lead cybersecurity operations, perform system architecture reviews, perform risk-based analysis, lead cybersecurity incident response, participate in DevSecOps processes and perform compliance related activities. Lead an enterprise class cybersecurity team. Perform compliance activities and audits such as policy reviews, process reviews and third-party security audits. Conduct and participate in cybersecurity related investigations and incidents. Conduct computer forensic activities. Familiar with database, network, virtualization and operational technology operations, concepts and design. Perform risk and threat analysis for systems, applications and third parties. Evaluate vulnerability and threat information to assess, measure and prioritize mitigations based on risk. Participate in DevSecOps processes and familiarity with programming practices, threat modeling, and testing methodologies. Knowledge of principles of cyber security best practices and concepts. Experience with performing compliance activities and audits such as policy reviews, process reviews and third-party security audits. Familiarity with HIPAA, CJIS, CDPA along with other Federal and state privacy regulations as they pertain to data privacy and information security control requirements. Experience with the monitoring and operation of SEIM applications. Experience with configuring and operating an enterprise class anti-virus/anti-malware system including policy, scanning and remediation activities. Experience conducting and participating in cyber security related investigations and incidents. Familiarity with database, network, virtualization and OT operations concepts and design. Experience evaluating application and IT infrastructure for risk and threat assessment. Experience with security architecture and security best practices for AWS, Azure, Google Cloud and/or other public cloud platforms. Experience with evaluating vulnerability and threat information to assess, measure and prioritize mitigations based on risk. Experience in participating in DevSecOps processes and familiarity with programming practices, threat modeling and testing methodologies. Familiarity with NIST Cyber Security Framework and ISO 27001 Framework. BS/BA degree in related discipline strongly preferred (i.e. Engineering, Computer Science, or similar technical degree). 1+ years' experience in networking, programming, IT infrastructure or related discipline. 5+ years' experience in cyber security risk management, compliance or threat management or related discipline. Holds one or more of the following certifications: Security+, CCNA Security, CCNP Security, GSEC or CISSP
The purpose of this position is to provide cybersecurity services in the operation of the cybersecurity program. The ideal candidate will be a team player who has experience with large enterprise cybersecurity programs including vulnerability management, security and event monitoring, threat evaluation, risk management, incident response, and compliance activities. The engineer will mentor junior cybersecurity team members, lead cybersecurity operations, perform system architecture reviews, perform risk-based analysis, lead cybersecurity incident response, participate in DevSecOps processes and perform compliance related activities. Lead an enterprise class cybersecurity team. Perform compliance activities and audits such as policy reviews, process reviews and third-party security audits. Conduct and participate in cybersecurity related investigations and incidents. Conduct computer forensic activities. Familiar with database, network, virtualization and operational technology operations, concepts and design. Perform risk and threat analysis for systems, applications and third parties. Evaluate vulnerability and threat information to assess, measure and prioritize mitigations based on risk. Participate in DevSecOps processes and familiarity with programming practices, threat modeling, and testing methodologies. Knowledge of principles of cyber security best practices and concepts. Experience with performing compliance activities and audits such as policy reviews, process reviews and third-party security audits. Familiarity with HIPAA, CJIS, CDPA along with other Federal and state privacy regulations as they pertain to data privacy and information security control requirements. Experience with the monitoring and operation of SEIM applications. Experience with configuring and operating an enterprise class anti-virus/anti-malware system including policy, scanning and remediation activities. Experience conducting and participating in cyber security related investigations and incidents. Familiarity with database, network, virtualization and OT operations concepts and design. Experience evaluating application and IT infrastructure for risk and threat assessment. Experience with security architecture and security best practices for AWS, Azure, Google Cloud and/or other public cloud platforms. Experience with evaluating vulnerability and threat information to assess, measure and prioritize mitigations based on risk. Experience in participating in DevSecOps processes and familiarity with programming practices, threat modeling and testing methodologies. Familiarity with NIST Cyber Security Framework and ISO 27001 Framework. BS/BA degree in related discipline strongly preferred (i.e. Engineering, Computer Science, or similar technical degree). 1+ years' experience in networking, programming, IT infrastructure or related discipline. 5+ years' experience in cyber security risk management, compliance or threat management or related discipline. Holds one or more of the following certifications: Security+, CCNA Security, CCNP Security, GSEC or CISSP