This is a fully Remote and Work From Home (WFH) opportunity within the US
Science 37 is accelerating the research and development of breakthrough biomedical treatments by bringing clinical trials to patients' homes. The Science 37 Operating System (OS) enables universal access to patients and providers, leading to faster enrollment, greater retention, and a more representative patient population. To help us achieve our goal, we are seeking a Cybersecurity Threat Intel Engineer eager to make an impact within a mission-driven organization.
We are looking for an experienced, well-rounded cybersecurity professional who has an interest in immersing themselves into the landscape of current and emerging cyber threats. You'll be on the front lines of innovation, working with a highly motivated team focused on analyzing, designing, developing, and delivering solutions built to stop adversaries and strengthen our operations. Your research and technical work will ensure stability and resiliency of our product. Your ability to identify threats, provide intelligent analysis, and execute defenses will thwart crimes, strengthen our posture, and protect our data.
Specifically, you will serve as subject matter expert and hands-on lead for our Cybersecurity Threat Center. You will be responsible for assisting in the deployment, maintenance, tuning, monitoring, and management of all aspects of the Threat Center, including threat hunting, triage, alert escalation, and incident response. Your experience and knowledge will play a critical role in developing and implementing strategies to secure Science 37's customer and employee data across the globe. Acting as the front line for attacks against Science 37, your role will also include advanced analysis, evaluation of new security technology, and ensuring that larger technology projects at the company are ready to be integrated into the cybersecurity monitoring functions.
Your role will include oversight and assistance in the response, analysis, and mitigation of cybersecurity incidents detected and escalated by the Threat Center in accordance with the Incident Response Plan. Knowledge and experience gained as a member of a Cyber Incident Response Team will be paramount in developing and streamlining the SOC/CIRT relationship.
DUTIES & RESPONSIBILITIES
Duties include but are not limited to:
- Responsible for the day-to-day Threat Center operations, ensuring appropriate CIRT response to cybersecurity events and alerts associated with threats, intrusions, and/or compromises. Executes and improves the core functions of the Threat Center, including threat detection and prevention
- Maintain and employ an understanding of advanced threats, vulnerability assessment, response and mitigation strategies used in cybersecurity operations
- Develop monitoring strategy to improve visibility into existing technologies including both internal systems and customer facing SaaS products
- Proactively research and hunt for potential malicious activity and incidents across multiple platforms, using advanced tools to identify and prioritize emerging threats and potential attack campaigns
- Collaborate closely with senior leaders to ensure threat intelligence analysis and products are mapped to prioritized corporate assets and risks.
- Administer, monitor, and maintain SIEM/XDR deployments and applications/modules within.
- Develop dashboards and reporting to improve situational awareness and visibility of developing and existing threats
- Provide leadership and support in the detection, response, mitigation, and reporting of real or potential cyber threats to the environment and be able to help automate these processes
- Ensure the monitoring and response to alerts of the intrusion detection and SIEM/XDR systems to discover and mitigate any malicious activity of the network or information assets
- Use threat intelligence to build indicators of compromise into monitoring tools, be able to integrate these tools with one another to provide data enrichment
- Ensure incidents are properly documented, procedures are followed, and chain of custody is maintained.
- Ensure successful conclusion of cybersecurity incidents according to process and procedures within the Incident Response Plan and associated playbooks.
- Perform after-action incident reporting and lead lessons-learned sessions with a diverse group of organizational resources.
- Develop up-to-date runbooks and Standard Operating Procedures that remain relevant, address current threats and technology, and are continuously improved to meet industry standards and keep pace with the latest attacks and threats
- Provide analytic support pertaining to a wide range of cyber threat actors and attack campaigns
- Make recommendations to improve operational effectiveness of threat intelligence activities.
QUALIFICATIONS & SKILLS
- Bachelor's degree in MIS, Computer Science, related discipline, and/or equivalent experience
- 8+ years of overall experience in CyberSecurity within a medium to large business environment
- 5+ years of experience working in a Threat Center or Security Operations Center (SOC) and/or on a Cyber Incident Response Team (CIRT), performing incident handling, sensor alert tracking, cybersecurity case management, and incident response/forensics. Experience must show continued progression through higher roles and elevated responsibilities.
- 3+ years of hands-on Splunk development experience, using Splunk daily
- 2+ years of experience in vulnerability management, running scans, analyzing scans, re-scanning for remediation
- Two or more professional currently held certifications related to Digital Forensics or Incident Response (e.g., GCIH, CEH, GCFE, GCFA, CFCE or other GIAC Certs).
Preferred Qualifications and Certifications
- 5+ years Security platform (Splunk) engineering/admin experience within a large-scale enterprise
- Managing Splunk App development, scripting and log management solution design
- Integrating data input from Splunk from other tools such as Nessus, AWS
- Administrating Splunk Enterprise Security Application
- Developing Splunk dashboards, reports, alerts, and visualizations, and optimizing queries
- Architecture (Universal Forwarders, SC4S, Deployment server, etc.)
- Creating correlation and alerting rules
- CISSP, CISP, GCIA, GPEN, in addition to the certifications listed above
- Splunk Certifications (Power User, Admin, etc.)
- AWS Experience + Certifications
- Blue Team / Red Team experience
- Knowledge and understanding of Cybersecurity organization practices, operations risk management processes, principles, architectural requirements, emerging threats and vulnerabilities, and incident response methodologies
- Expert understanding of technical cyber-security threats and indicators of compromise
- Ability to identify network attacks or systemic security issues as they relate to threats and vulnerabilities, with focus on recommendations for enhancements or remediation
- Significant experience in a Threat Center, Security Operations Center (SOC), Incident Response, or equivalent roles in a large, mission-critical environment.
- Experience with threat hunting in SaaS/Cloud infrastructures, both as an individual and leading exercises with other team members.
- Ability to review and interpret device and application logs from a variety of sources (e.g., Firewalls, Proxies, Web Servers, System Logs, Splunk, etc.) to identify root cause and determine next steps for containment, eradication, and recovery.
- Experience with the creation and tuning of alerting rules from a SIEM and other devices in response to changing threats.
- Experience using EDR tools (such as CrowdStrike, Carbon Black, SentinelOne, Cylance) to analyze events and determine true/false positives, perform malware analysis (both static and dynamic), binary triage, and file format analysis
- Cybersecurity experience with cloud services such as AWS and their security modules (IDS, IPS, WAF, etc.)
- Hands-on experience with Intrusion Detection Systems and Intrusion Prevention Systems
- Cybersecurity knowledge and experience related to API security
- Excellent written and verbal communication skills to describe security event details and technical analysis with audiences within the cybersecurity organization and other technology groups.
- Ability to constructively partner with application development, application support, and other IT infrastructure resources to define measurement frameworks and develop KPIs and performance dashboards
- Demonstrate good working knowledge of the Incident Response Life Cycle, MITRE ATT&CK Framework, Cyber Kill Chain, and other cybersecurity frameworks.
- Demonstrate sound judgement skills, critical thinking skills, analytical expertise, attention to detail, and the ability to function in a fast-paced, dynamic, global environment.
- Ability to communicate in English (both verbal and written)
The incumbent reports to the Director of Cybersecurity, who will also assign projects and provide general direction and guidance. The incumbent is expected to perform duties and responsibilities with minimal supervision.
At Science 37, our focus is to provide you with a comprehensive and competitive total reward package that supports you at all stages of your career - both now and into the future. Our success depends on the knowledge, capabilities, and quality of our people. That's why we are committed to developing our employees in a continuous learning culture, one where we challenge you with engaging work that adds to your professional development.
We value employee well-being and aim to provide team members with everything they need to succeed.
Submit your resume to apply!