As a member of our team, you'll keep an eye on the evolving threat landscape, staying ahead of emerging threats that may target our company, customers, and vendors. You will conduct research to understand our technological footprint, the potential pathways attackers could traverse to compromise our systems and develop detection strategies to ensure we quickly identify malicious activity. You will drive visibility improvements across the company to ensure the team is always equipped with the necessary data to protect BigBear.ai. Tooling and automation will be key to success as we scale our business to meet the dynamic demands of our customers.
We are a remote team of high performers. While prior experience working remotely isn't required, you must perform well given a high level of independence and autonomy while collaborating asynchronously within and across teams. Occasional travel to the Washington, D.C. metropolitan area may be required.
What you will do
- Design, implement, and manage robust cybersecurity measures and access management solutions to protect the organization's systems and networks.
- Assist with the implementation, operationalization, or optimization of projects in support of the cybersecurity program.
- Conduct network and system vulnerability assessments using appropriate security tools to identify and address potential threats.
- Follow and establish security monitoring and response procedures and processes for monitoring system security events and measuring compliance with organizational security policies and procedures.
- Assist the Security Operations team in responding to security incidents, ensuring a swift and effective resolution.
- Provide advanced troubleshooting of security, access, and network security problems from a cybersecurity forensics and protection perspective.
- Ensure the success of the vulnerability management program by triaging security risks and working with system owners to mitigate findings in accordance with SLAs.
- Work closely with the GRC team on the development and implementation of standards, operating procedures, and controls. You will also coordinate and document exemptions to established security controls.
- Routinely collaborate with IT and business units to manage access control processes and application integration. Works with business to ensure access control is integrated with business requirements for any new application.
- Assists with external information security audits for regulatory compliance and assessments such as penetration testing.
- Other duties as assigned.
What you need to have
- Clearance not initially required, however, must be clearable to SECRET.
- 5+ years of experience in IT security engineering
- Bachelors Degee in Computer Science, Cybersecurity or similar OR an additional 4 years experience in lieu of degree
- Proficient understanding of Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
- Excellent written communication skills. Must be able to clearly communicate risks at both strategic and tactical level.
- Experience operating within NIST 800-171, CMMC or equivalent cybersecurity frameworks.
- Experience with Microsoft product line including but not limited to M365, Azure, Cloud Security (Defender), Purview Information Protection.
- Experience with log ingestion and analysis.
- Experience with Security Information and Event Management (SIEM)s including deployment and configuration, compliance monitoring, tuning, and content management.
- Working knowledge of Operating System security
- Familiarity with MITRE ATT&CK and researching emerging threats.
- Ability to break down complex detection logic, and to explain to others how the detection works, the theory behind it, and also what to do when the alert is triggered
- Understanding of which logs are available and useful for:
- Linux (Production Workloads), Mac, Windows
- AWS, GCP, and Azure
What we'd like you to have
- ServiceNow IT Operations
- Zscaler or other SASE solution
- Strong Access Control experience including Privilege Access Management
- AWS
- Cloud Workload Forensics - Memory and Storage collection and analysis
- Understanding of legal holds, chain of custody and other IR activities
- 2+ years in a role performing Threat Detection, Incident Response, Threat Intelligence, or Abuse Mitigation
- Understand how to develop rules utilizing hypothesis driven detection research leveraging tools such as:
- Python
- Athena, SQL, Presto etc.
- Threat Intelligence Services and OSINT