Cybersecurity Security Configuration Management Consultant
Job Description : Job Description
The Cyber Security Analyst III, a senior role within the cyber security team, will investigate and respond to possible or confirmed cyber-attacks or vulnerabilities within the SunTrust environment. Provide direct analysis of high level or broad-scope security issues and risks identified by key systems and other sources. Produce strategic level analysis and reporting of cyber security events and trends to inform decision-making processes and the holistic cyber security risk posture of the bank. Provide quality assurance to ensure events and risks are scoped and assessed appropriately. Assess scope of security issues and develop best practice approaches to remediation. Regularly participate in threat hunting, penetration testing, and/or deep dive research projects as assigned to challenge assumptions and articulate true, proven cyber security risk within the bank. Document & communicate analysis results or findings to both technical and business audiences. Track and drive identified cyber security risks through remediation & recovery. Provide coaching and mentorship to Level 1 and 2 cyber security analysts. Additionally , the Cyber Security Analyst III may participate in the forensic collection and analysis of digital evidence to support HR, Legal, and other investigations. Qualifications
- Three or more years' working experience in a technology environment, two or more years must consist of a role directly related to cyber security.
- Extensive working knowledge of common IT and security concepts with emphasis on TCP/IP network security, operating system security, modern attack and exploitation techniques, cyber incident response, malware analysis, computer forensics and the tools that support these processes.
- Ability to solve complex problems by applying best practices.
- Demonstrated proficiency utilizing security platforms related to logging, event correlation, incident management, vulnerability management and/or computer forensics.
- Demonstrated teamwork and collaboration skills.
- Strong time management skills and ability to manage competing priorities effectively.
- Highly effective verbal and written communication skills for the purpose of providing extensive information about event timelines, technical designs, system concepts and business impact to audiences at all levels within the organization.
- Ability to obtain requisite technical certification(s) within six months of hire.
- 5 or more years of hands on experience with configuration / policy compliance scanners like Qualys Tenable, JAMF, and InsightVM
- 5 or more years of combined experience supporting Microsoft Windows servers and endpoints, Mac endpoints, Apple and Android Mobile devices, Linux & Unix servers, virtual infrastructure, and network assets (e.g. routers, switches, firewalls, load balancers, etc.)
- 5 or more years experience creating and enforcing security hardening / policy compliance standards
- 2 or more years experience developing and maintain vulnerability management policies, procedures, processes, and guidelines
- 2 or more years experience with Cybersecurity framework like NIST, COBIT, ISA, and ISO
- 2 or more years experience with PCI-DSS 3.x standards
- At least one or more years of experience with Center for Internet Security (CIS) benchmark standards
- At least one or more years experience with Agile framework (e.g. CI/CD)
- At least one or more years experience with securing Public Cloud services (e.g. IaaS, CaaS, PaaS, SaaS)
- Exposure to modern scripting languages like Python, Go, and Ruby
- One or more leading Cybersecurity certifications like Certified Cloud Security Professional (CCSP), Certified Ethical Hacker (CEH), and Certified Information Systems Security Professional (CISSP)
Equal Opportunity Employer: SunTrust supports a diverse workforce and is a Drug Testing and Equal Opportunity Employer. SunTrust does not discriminate against individuals on the basis of race, creed, color, gender, religion, national origin, age, disability, veteran status, pregnancy, marital status, citizenship status, sexual orientation, gender identity, genetic information, or any other classification protected by applicable laws.
To review the EEO Poster, copy and paste the following link into your browser: http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf