Are you passionate about cybersecurity? Do you consider yourself a cybersecurity expert? Are you motivated by curiosity, driven for success and have excellent customer service skills? Are you looking for a great opportunity to shine? Do you like working in a fun, fast-paced and rapidly growing work environment? CDW is currently looking for an experienced Information Security Specialist to join its 24x7 Security Operations Center (SOC) team for a full-time day shift.
The Information Security Specialist is the subject matter expert (SME) for our supported SIEM technology, as well as NGFW technologies. This role also provides second level support for security investigations from the level 2 team within the SOC.
Your background should include expert knowledge of SIEM including log integration, use case deployment, development and management, features enablement, troubleshooting and support, and client on-boarding. You should have previous experience with logging and monitoring, preferably from a level 2 SOC role, and be an experienced and agile security investigator. You should have a good understanding of network security practices. Excellent customer service while solving problems should be a top priority for you. CDW is a fast-paced, entrepreneurial environment, so to be successful you’ll need to be a proactive individual, take direction well, communicate succinctly and collaborate effectively.
Key Responsibilities
- Be a subject matter expert on SIEM technology such as LogRhythm, QRadar or Splunk including deployment, configuration, maintenance, use-case management
- Strong investigation skills to conduct incident investigations on SIEM that have been escalated from Level 2 team or the client.
- Have experience with at least one of the following Next Generation Firewalls (Palo Alto, Fortinet, Cisco, Juniper).
- Perform threat hunting on customer networks to detect and isolate threats and provide recommendations to customers.
- Excellent business communication and presentation skills, in many cases, being able to translate technical details into plain speak.
- Act as designated lead on customer on-boarding projects to ensure a successful transition to SOC for security monitoring services.
- Act as a point of escalation for tier 2 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques.
- Prepare Monthly Security Reports for managed clients which includes excellent analysis and recommendations and present them to customers during monthly meetings.
- Follow the Security Use-Case Management Framework, continually improve and tune SIEM use cases and assist in maintaining the SIEM use case library.
- Mentor L2 security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks in support of technologies managed by the SOC.
- Work as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats.
- Participate in security incident management and vulnerability management processes.
- Participate in evaluating, recommending, implementing, and troubleshooting security solutions and evaluating IT security of the new IT Infrastructure systems.
- Develop strong relationships with vendors and escalate issues to them as needed to support the SOC and customer environments.
- Communicate effectively with customers, teammates, and management.
- Follow ITIL practices regarding incident, problem and change management.
- Stay up-to-date with emerging security threats including applicable regulatory security requirements.
- Be aware of the company's information security requirements, including immediately reporting all breaches in information security to the CSO (Chief Security Officer) and taking whatever other actions may be required of him or her under the terms of ISO 27001 information security policies, the Information Security Management System (ISMS) and other company security policies and procedures.
- Be aware of and abide by all company policies and procedures (e.g. Employee Code of Conduct).
- Other responsibilities and additional duties as assigned by the security management team.
- Security Operation Center positions require employees to obtain and maintain a Government of Canada Level 2 – Secret security clearance.
Other Required Qualifications
- Bachelor's Degree, Diploma and/or equivalent work experience
- 3-5 years of previous security experience conducting security investigations and working with SIEMs and NGFWs.
- Security monitoring experience with one or more SIEM technologies – LogRhythm, QRadar, Splunk and intrusion detection and prevention technologies.
- Ability to analyze data, such as logs or packet captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents.
- Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP.
- Strong knowledge of IT including multiple operating systems (Windows, Linux, Unix).
- Strong knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products.
- Strong understanding of security incident management, malware management and vulnerability management processes.
- Detail oriented with strong organizational and analytical skills.
- Strong written and verbal communication skills as well as presentation skills.
- Self-starter, work independently and adjust to changing priorities, critical and strategic thinker, negotiator and consensus builder.
- Bachelor's Degree/Diploma in a relevant area of study with a preference for Information Security, Computer Science or Computer Engineering
- Preferred Information Security professional designations such as CISSP, CISM, CISA
- Preferred SIEM vendor certifications (LogRhythm, QRadar, Splunk)
- True Incident Response Handler (breach response)
- Understanding of programming and scripting such as Python, Perl, Bash, PowerShell, C++
We are a unified team of challenge takers, diverse thinkers and problem solvers. Our coworkers aspire every single day to be better than they were yesterday because we know success means never being satisfied. We believe winning requires balance - a combination of assigned work and freethinking, quick wins and quick breaks. When our coworkers enjoy what they do and who they're with, they do their best work. And that means everyone wins.
Our Benefits
CDW offers a variety of benefits, perks and development programs that enable coworkers to perform at their best personally and professionally. We understand the importance of work/life harmony and strive to help our coworkers achieve it. Core benefits include:
- Health & Wellness
- Financial Security
- Learning & Development
- Work/Life Balance
- Coworker Perks
- Community Service
Who We Are
CDW is a leading technology solutions provider to business, government, education and healthcare organizations in Canada, the United States, and the United Kingdom. Our fingerprints can be found on technology in workplaces and workspaces of more than 250,000 companies, from fresh-faced startups to international conglomerates. With the breadth of products and services we offer, combined with the expertise of our specialists, there is no request too big or too small. Our coworkers across the globe are working together to bring technology to life for our customers.
Awards and Recognitions
- Ranked #191 on the Fortune 500 list
- Ranked #24 on Computerworld’s 2019 Best Places to work in IT
- Ranked #10 on Fairygodboss’s list of the 2019 Best Companies for Women