Saturday, November 7, 2015

Like PCAPs, PCREs?

Yeah, I like PCAPs and PCREs! Got a really cool one waiting for the SANS Boston 2016 webpage to be posted. You will have to read to the bottom to get to the joke. Yes, this is real. Name of the company has been changed to protect.

• Responsibility for information cyber security analysis & response with the mission of protecting ACME from internet attacks / threat actors.
• Technical lead for IPS solutions
• Lead initiatives and the implementation of capabilities in order to advance the Cyber Threat program
• Automate threat intelligence gathering and attacker profiles to direct hypothesis-driven searches for indicators of compromise
• Enhance and distribute security incident response and escalation procedures to ensure timely and effective handling of security events and alerts.
• Enhance ACME’s Cyber Security program and strategy to expand threat management services across all business units.
• Maintain industry affiliations that provide ACME with the necessary intelligence to proactively respond to threats. Such affiliations may include NH-ISAC (National Health Information Sharing and Advisory Center), HITRUST, DHS (Department of Homeland Security), FBI, etc.
• Apply knowledge of technical, analytical skills to ensure the confidentiality, integrity, and availability of all information systems assets and ensure compliance with company policies, procedures, contractual, and regulatory requirements.

Skills and Experience
• Experience building cyber security toolsets and solutions across non-integrated business units.
• Experience with architecture, design, and management of NIPS technologies and best practices
• Experience with SIEM technologies and best practices, and experience implementing a more robust advanced security data analytics capability.
• Malware detection, analysis, exploitation, containment, and eradication techniques experience (Not just commercial tools)
• A solid understanding of Threat Vector Analysis, Intrusion Detection and Prevention, Incident Management and Response, Risk Assessment and Mitigation methodologies, and Counter Threat Operations.
• Experience monitoring and managing network and host-based intrusion prevention systems actively in-line, Full Packet Capture (with analytics), Sandboxing, data loss prevention, malware prevention systems, vulnerability scanning solutions, DDoS protection, Security Event/Information Management, host-based integrity checking, end-point security and AV.
• Proficiency in OS platforms, including Linux, Unix, Windows and AIX. Capable of building and maintaining an organization with expert knowledge of information technology functions, practices and business units. Has strong expertise in multiple systems and in the functions and business units supported.
• Knowledge of scripting languages, including Python, Perl, PHP, Ruby, and JS.
• Knowledge of toolsets and frameworks like elasticsearch, splunk, OpenSOC, OpenIOC, STIX, TAXII, CybOX
• Knowledge of information security concepts and theory, and the application of such through technical and non-technical methods.
• Solid understanding of cyber security threats, risks, vulnerabilities and attacks, to include threat actor motives, capabilities, and techniques, with the ability to analyze intelligence data and provide indicators and warnings to healthcare and financial services business functions.
• Demonstrating an ability to work under stress/pressure to meet deliverables, timetables and deadlines.
• Demonstrating personal integrity and high ethical behavior at all times to inspire confidence in clients, peers, partners and employees.
• 5+ years' industry experience in a mission-critical environment.
• Knowledgeable of current and emerging security and information technology standards and practices.
• Understanding of key InfoSec regulation & frameworks (PCI, GLBA, HIPAA, ISO 27001, HITRUST, EHNAC) is a plus.
• Bachelor’s degree required – preferably Computer Science or MIS.
• Must possess an active industry InfoSec related certification (i.e. CISSP, CEH, CISM).

I am reminded of a scene in the movie Independence Day when Will Smith asks, "Can you really do all that stuff you just said?" The CISSP, CEH and CISM are all fine certs; however, they aren't going to even start to prepare someone for this list of requirements. The GSE comes close, but this is tailor-made for an STI graduate.