- Own the maintenance of network routing and security products.
- Create, maintain, and refine network traffic flow diagrams for the enterprise network that reflect its current state.
- Manage network segmentation for a globally distributed workforce made up of in-office workers, remote workers, and separate software development environments (dev, QA, production).
- Implement network, workstation, server, perimeter, and endpoint logging as required to gain visibility into network activity.
- Monitor aggregated logs for signs of suspicious lateral or internal/external traffic.
- Conduct network, endpoint, and log analysis by utilizing various consoles on a regular basis (e.g., SIEM, IPS, firewall, etc.).
- Responsible for proper escalation, communication, and management of IT system problems.
- Configure and manage network monitoring and reporting tools so as to provide the required operational and management information.
- Document procedures and make recommendations for improvements.
- Create content (correlation rules, queries, dashboards, reports, etc.) in industry leading SIEM tools such as ElasticSearch.
- Actively look for opportunities to augment and integrate with data collected from our internal endpoint monitoring solution.
- 3+ years of full-time, hands-on information security experience.
- Strong knowledge of information security principles and practices.
- Strong experience with enterprise-grade firewalls and networking equipment.
- Experience with incident response and analysis, preferably in a leadership role.
- Strong knowledge in the use of common information security and networking tools such as nmap, Wireshark, Nessus, etc.
- In-depth knowledge of TCP/IP and networking concepts, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
- Strong knowledge of IDS/IPS, enterprise firewalls, proxies and other network security technologies.
- Strong knowledge of the security implications of a variety of technologies, including but not limited to Microsoft, Unix/Linux, other market-leading technology solutions, and mobile devices.
- Hands-on experience working with at least one enterprise SIEM platform (e.g., Splunk, Arcsight). Strong knowledge of ElasticSearch and Kibana is preferred.
- Experience working in a software vendor environment is desirable.
- Strong written and oral communication skills.
- Ability to work independently with little or no supervision.
- Flexible work schedule, to troubleshoot escalated issues out of hours and apply production changes where needed.
- Experience working with a geographically distributed and remote workforce.
- Windows and UNIX/Linux command line scripting experience and programming experience.