POSITION SPECIFICATIONS: • Bachelor’s Degree in computer science, Information Systems, Finance, or equivalent work experience required; Master’s degree preferred • 10 years of experience in the information technology field with a minimum of five additional years concentrated in information security and five years of forensic experience • Experience necessary to serve as an individual contributor, a project and/or technical leader, and project coordinator required. • Possess the security knowledge and experience associated with most the organization’s diverse technologies used or similar technologies used: o This includes but not limited to, SIEM, Endpoint Security, URL Filtering, Firewalls, IDS/IPS, O365/ Azure Security tools, CASB, PAM and Vulnerability Management. o Technologies preferred: LogRhythm, Fidelis Network, Palo Alto, , Qualys +Crowdstrike, Sailpoint, Thycotic, Prisma, NetScaler, Mimecast • Experience in conducting in depth investigations, using forensic tools and methods to identify, detect and contain security events required • Experience in utilizing external threat intelligence and applying it to security tools for detection and prevention of security incidents required • Experience conducting risk and security assessment required • Experience utilizing penetration testing tools to analyze and identify areas for improvement • Understand standard security practices; network architecture, routing and TCP/IP protocols; administrating and analyzing Unix/Linux, and Microsoft operating systems; administrating and analyzing Unix/Linux and Microsoft operating systems required.

MAJOR DUTIES: • Monitor and review SIEM, IDS/IPS, Endpoint security, O365/Azure security tools, URL Filtering and firewall logs for threats. • Configure and tune security tools to efficiently identify and alert on security events. • Conduct in depth investigations and resolve identified events, using forensic tools and methods to identify, detect and contain security events. • Apply appropriate incident response handling procedures to investigations. • Develop and maintain security incident handling procedures. • Develop and maintain a threat intelligence program integrated with security operations. • Enhance Security Operations through process improvement and automation. • Create documentation related to configurations, alerts, incidents, investigations and security operation processes. • Train and mentor security operations staff on incident handling, investigative techniques and threat hunting. • Keep abreast of advances and developing trends and standards in technology. • Manage and maintain a vulnerability management program, working with appropriate system owners for remediation.

HOURS/LOCATION: • 8:30 a.m. – 5:00 p.m. (Overtime as required) • Hybrid schedule • Warrendale location (Work at downtown location when required).

EXPLANATORY COMMENTS: • Excellent oral and written communication and interpersonal skills • Good decision making and problem-solving skills • Good analytical skills with attention to detail and accuracy • Ability to work on multiple projects simultaneously • Ability to work effectively both individually and as a member of a project team.