About The Position

Tier One Technologies is looking for a Tier 2 Threat Management Specialist to work with our direct US Government client. This will be a hybrid Contract-to-Hire position located in Falls Church, VA.

Available shifts:

  • 3:30 PM to 11:30 PM EST with Tuesday & Wednesday days off
  • 11:30 PM to 7:30 AM EST with Saturday & Sunday days off

SELECTED CANDIDATES WITHOUT REQUIRED CLEARANCE WILL BE SUBJECT TO A FEDERAL GOVERNMENT BACKGROUND INVESTIGATION TO RECEIVE IT.

Requirements

  • Bachelor's or Master's Degree in Computer Science, Information Systems, or other related fields.
  • 8+ years of IT Security experience.
  • 2+ years of network traffic analysis experience.
  • Familiarity with AI/ML projects.
  • Certifications (one or more required): GIAC Certified Enterprise Defender (GCED), GIAC Certified Security Essentials (GSEC), CISSP, or SSCP.
  • Strong working knowledge of Boolean Logic, TCP/IP Fundamentals, Network Level Exploits and Threat Management.
  • Strong understanding of IDS/IPS technologies, trends, vendors, processes and methodologies.
  • Strong understanding of common IDS/IPS architectures and implementations.
  • Strong understanding of IDS/IPS signatures, content creation and signature characteristics including both signature and anomaly-based analysis and detection.
  • Prior experience with cloud security (AWS, Azure, GCP).
  • Hands-on experience with cybersecurity automation (e.g., SOAR platforms).
  • Proficiency in using machine learning frameworks to develop, train, and deploy models for anomaly detection, threat intelligence, and behavioral analysis in cybersecurity contexts.
  • Skills in data analysis and feature engineering, with the ability to preprocess and transform large datasets from various sources (e.g., logs, network traffic) to extract relevant features for machine learning models aimed at identifying security incidents and vulnerabilities.
  • Familiarity with the application of AI/ML techniques in cybersecurity, including but not limited to automated threat detection, incident response automation, and predictive analytics. Experience in evaluating the effectiveness of AI/ML solutions in a SOC environment is a plus.
  • Understanding and experience identifying and implementing automation use cases.
  • Knowledge of Control Frameworks and Risk Management techniques.
  • Excellent oral and written communication skills.
  • Must be able to obtain a Position of Public Trust Clearance.
  • All candidates must be a US Citizen or have permanent residence status (Green Card).
  • Candidate must have lived in the United States for the past 5 years.
  • Cannot have more than 6 months travel outside the United States within the last 5 years. Military Service excluded.

Responsibilities

  • Identify cybersecurity threats and gaps that require mitigating controls.
  • Analyze network traffic to detect exploit attempts, intrusions, and anomalous behavior.
  • Recommend and implement detection mechanisms for exploit- and intrusion-related activity.
  • Provide subject matter expertise in network-based attacks, traffic analysis, and intrusion methodologies.
  • Escalate incidents requiring deeper investigation to senior members of the Threat Management team.
  • Execute operational processes in support of security incident response efforts.
  • Leverage AI/ML-based tools to detect anomalies, automate incident triage, and enhance threat intelligence.
  • Perform and analyze threat intelligence to assess risk and adapt defenses using ML-enhanced tools.
  • Manage email security using Proofpoint; monitor threats and respond rapidly to attacks.
  • Configure and maintain Splunk for log analysis, alert creation, and security incident investigation.
  • Configure Cisco Firepower for network monitoring, analyze traffic patterns, and enforce security controls.
  • Deploy and manage SentinelOne agents, monitor alerts, and conduct comprehensive security assessments.
  • Monitor, review, and respond to security alerts and incidents across multiple platforms, including Microsoft Defender for Cloud Apps, Defender for Endpoint, Defender XDR, Defender for Office 365, Azure Entra ID, and Google Cloud Security Command Center (SCC).
  • Conduct threat detection and analysis, investigate suspicious activity, coordinate incident response, and implement remediation actions.
  • Tune security policies, maintain visibility across cloud and endpoint environments, and support continuous security posture improvement.
  • Stay current with emerging cybersecurity threats, threat actors, and AI/ML research.
  • Identify and support security automation use cases, including AI/ML-driven SOC enhancements.
  • Collaborate across Operations to deliver SOC capability improvements through automation and AI.
© 2024 Teal Labs, Inc