Cyber security engineers are responsible for developing, maintaining, troubleshooting, and protecting the security of the internal environment and that of our customers in real time. The Cyber Security Engineer is tasked with providing technical expertise in all areas of network, system, and application security. In this position the Cyber Security Engineer must effectively analyze and design the best security solution within the context of a client’s unique environment to proactively suggest the best methods and tools to implement in customer environments. This role will develop tools and products according to documented procedures and industry best practices. The responsibility for this position has the potential to also include analyst level work as the need arises. The Engineer must report all possible security incidents, potential breaches, attacks, threats, and evidence of compromise.

Key Responsibilities:

• Safeguards information system assets by identifying and solving potential and actual security problems.
• Protects systems by implementing defined access privileges, control structures, and resources.
• Completing written reports in compliance with current reporting procedures and policies.

• Ability to interact with and lead discussions with business executives across different functions and lines of business.
• Effectively communicates investigative findings to non-technical audiences.
• Ensuring the security technology provided by the organization is performing to optimal standards with customers.
• Gain knowledge of existing policies, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of data.
• Maintain an awareness of industry challenges and advancements to add value to existing technologies and processes used within the team.
• Maintain knowledge of industry trends and current security practices by attending educational workshops and reviewing relevant publications on a regular basis.
• Effectively apply information security theories and concepts to specific circumstances.

• Recognizes problems by identifying abnormalities/reporting violations.
• Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
• Determines security violations and inefficiencies by assisting with periodic audits.
• Upgrades systems by implementing and maintaining security controls.
• Keeps users informed by preparing performance reports and communicating system status.
• Maintains quality service by following organization standards.
• Assists with incident response and remediation.
• Effectively track time spent and keep accurate notes for work performed.

• Performs other related duties as assigned.

Skills and Qualifications:

• Ability to work independently and with a team.

• Ability to write detailed, concise, and accurate reports and plans.
• Ability to communicate with non-technical audiences, technical concepts.
• Working knowledge of cybersecurity monitoring tools
• Working knowledge of security incident and event monitoring (SIEM)
• Working knowledge of end-point security tools
• Vulnerability assessments and conducting relevant incident response.

Education and Experience:

• Bachelor’s degree in Computer Science, Information Systems, or equivalent education or work experience.
• Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
• Hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, FPC), and other attack artifacts in support of incident investigations.
• Experience with vulnerability scanning solutions.
• Proficiency with any of the following: Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics, and RSA Security
• In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Microsoft Sentinel, Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk, etc)
• Experience developing and deploying signatures (e.g. YARA, Snort, Suricata, HIPS)
• Understanding of mobile technology and OS (i.e. Android, iOS, Windows), VMware technology, and Unix and basic Unix commands.
• Experience with Microsoft 365 and Azure with a heavy focus in security-based functions and best practices.

Bridgehead IT is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: We are committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Bridgehead IT are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. We do not tolerate discrimination or harassment based on any of the above characteristics.