We are filling a contract-to-hire role in Miami for a Cyber Threat Investigator.

This position is W2 ONLY. No other payment terms, visa transfers or sponsorship allowed.


ESSENTIAL DUTIES AND RESPONSIBILITIES:
• Investigate actual or potential incidents and/or cyber security breaches to determine the cause and extent of the breach. 
• Model and analyze attack patterns within onsite, offshore and cloud managed services environments, and implement appropriate detection capabilities within security and other IT systems.
• Perform analysis for potential compromise using existing security tools including Cylance, Checkpoint, Fortinet, Splunk, and managed third-party services.
• Coordinate program activities of onshore and offshore threat analysts to provide status reporting, “bad actor” activity, behavioral trends, threat modeling, anomalies and other supporting tasks.
• Participate in forensic work as required, including collection and preservation of electronic evidence. Provide data to Legal and law enforcement to support prosecution and litigation as necessary.
• Assist with implementation of User Behavior Analytics (UBA) tools and monitoring methodologies for detection of inappropriate behavior to mitigate the risk of material weakness within client's financial systems (SOX), theft of credit cards (PCI), call center and booking fraud, etc.
• Serve as a cyber-security subject matter expert and point of technical contact for product and software engineering teams.
• Assist with the development of cyber threat maturity models appropriate to the incident response framework.
• Contribute to an incident response curriculum and assist in-house training sessions on response protocols and indicators of compromise (IOC), including individualized classes as needed, for investigative staff and other IS/IT team members to ensure appropriate development of skills and continued innovation.
• Apply established project management office (PMO) protocols to on-board investigative and/or forensic hardware/software/services (Initiation/Planning/Analysis/Design/Build/Test/Deploy/Closeout).
• Analyze existing environment and provide recommendations for the two-year roadmap to advance IS analytics and incident response programs. 
• Produce high quality oral and written work product, presenting complex technical matters clearly and concisely. Prepare executive reports documenting security events that may be discoverable in litigation. 
• Author and maintain incident response, forensics and eDiscovery policies, procedures, and all associated documents.
• Manage, coordinate and disseminate incident information and directives during declared emergencies or preventative actions mitigating potential emergencies. 
• Actively engage in liaison activities with investigative communities, law enforcement, industry associations, peer institutions, regulatory and contractual agencies/organizations and IS information sharing communities. 
• Assist with establishing the monitoring methodologies to identify Indicators of Compromise (IOC) within the environment.


Required skills/competencies:
• Must have strong verbal and written communication skills; interpersonal collaborative skills; and the ability to communicate IS and risk-related concepts to technical and non-technical audiences. 
• Assist with the management and enhancements of forensics and malware analysis lab.
• Assist with the management and enhancements for procedures/runbooks, including employee investigations, network forensics, incident response forensics, privacy, fraud and external cyber investigations.
• Candidates must be intelligent, articulate, and consensus building and be able to serve as an effective member of the team. 
• Strong understanding of compliance measurement and contractual requirements for SOX, GLBA, PCI and GDPR.
• Must have a strong understanding of TCP/IP networks and associated tools. 
• Must have a strong understanding of Apple, Linux and Windows Operating systems. 
• Must have performed hands-on operations of one or more of the following: Intrusion Prevention Systems (IPS), Firewalls, Wireless Intrusion Prevention Systems (WIPS), Web Application Firewall (WAF), DLP and other security technologies.
• Preferred hands-on SIEM experience including custom report writing and correlation rules
• Preferred experience performing hands-on investigations of mobile devices and have familiarity with associated tools.
• Proficient with methodologies, tools, best practices and processes across various technology areas
• Familiarity with ISO27001, ISO27002, ISO27005, NIST and other industry standards
• Preferred experience with one or more forensics tools (e.g., EnCase, FTK).
• Preferred experience performing eDiscovery and working with legal teams
• An understanding of anomaly detection methodologies and tools.
• Working knowledge of malware detection, malware reverse engineering, and data exfiltration.
• Working knowledge of Cuckoo Sandbox or other automated malware analysis tools.
• Working knowledge of a Security Operations Center (SOC) as part of a larger continuous monitoring program


Preferred Skills:
• Previous experience at the NSA, DoD, NOAA Emergency Operation Center, or Maritime Security Operations, or as a Military Threat Operations team member, Security Researcher, or Cyber Crime investigator required.
• Required minimum of 6 combined years of experience in IT, Information Security, Cyber Response, Maritime Security, or threat intelligence.
• Preferred 3 combined years of forensic investigation, incident response, and cyber intelligence operations. 
• Preferred 3 or more years of progressive leadership experience.
• Bachelor’s degree or equivalent experience 
• Working familiarity with static and dynamic code analysis, cloud services, forensic-level packet capture, reverse code engineering, identifying indicators of compromise (IOC), threat analysis, anomaly detection, next generation firewalls (NGFW) and security information and event management (SIEM) technologies, and wired and wireless intrusion prevention systems.
• Previous experience with penetration testing and vulnerability assessment tools, such as IBM AppScan, HP Fortify, Burp Suite, Metasploit, HP WebInspect, Nexpose, Nessus and Nmap.
• Strong understanding of TCP/IP networking; UNIX, Linux and Microsoft Windows-based operating system platforms and relational database management systems such as Oracle, MS SQL, and MySQL.
• Working understanding of cryptographic controls.
• Previous experience with geographically dispersed environments, shipping, gas and oil or other maritime work preferred. 
• Preferred experience with satellite communications 


Preferred Education:
Bachelor’s


Required Certifications:
CISSP, CISM, CCE, EnCE, CCTA, CEH, GCIA, GCIH, or similar. 

Travel Description:
15% domestic and international travel 

Please forward your resume to Siana Johnson at sjohnson@arcgonline.com or share this information within your network.
Visit our website at http://www.arcgonline.com for more job opportunities.