• Citizens Bank
  • $107,210.00 - $156,090.00/year*
  • Riverside, RI
  • Defense/Security Clearance
  • Full-Time
  • 179 Forbes St


The Cyber Defense Technical Expert is a senior individual contributor responsible for developing threat-based use cases for detecting cyber-attacks.

In addition to engineering threat-based alerts and developing anomaly-based reports for detection, the Cyber Defense Technical Expert will also be tasked with integrating real-time threat intelligence into the defensive systems.

The individual will work with multiple technology platforms and interface with other groups within Cyber Defense, Information Security, other technology, and business partners.

Primary responsibilities include:

  • Tuning of Intrusion Detection System and enhancement of detection capabilities

  • Developing new use cases to detect threats across multiple environments including network, endpoint and applications

  • Integrating cyber threat intelligence into defensive systems

  • Leading the logging enrollments from multi-tier applications into the enterprise logging platforms

  • Developing the specific content needed to implement Security Use Cases and transforming it into correlation queries, templates, reports, rules, alerts, dashboards and workflow

  • Developing advanced reports and metrics to meet the requirements of key stakeholders

Qualifications:

Required Skills/Experience:

  • 7 or more years of progressive security industry experience

  • Excellent understanding of Cyber Security Operations and Incident Response processes

  • Solid understanding of various operating systems (Windows, Unix, Linux, AIX, etc.) with an emphasis on Security Operations

  • Experience with programming/scripting (Python, Ruby, Perl, C, Java, etc.)

  • Hands-on experience with Security Information and Event Management technologies (QRadar, ArcSight, Splunk, etc.)

  • Excellent oral and written communications

Preferred Skills/Experience:

  • Excellent understanding and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization, and parsing.

  • Excellent understanding of enterprise logging standards, with a focus on application logging

  • 5 or more years of experience with Splunk, ArcSight and/or QRadar SIEM systems

  • Advanced knowledge of content creation concepts and best practices

  • Excellent understanding of regular expressions, development of custom/flex parsers

  • Solid understanding of security tools related to Data Loss Prevention and Privileged User Monitoring

  • Excellent Python and Unix Shell scripting skills

  • Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies

  • 5 or more years of network security and system security experience, supporting security event management tools (SIEMs)

Education, Certifications and/or Other Professional Credentials:

  • Bachelor's Degree (Security / IT Related) or equivalent combination of experience

  • A combination of relevant industry certifications including, but not limited to, CISSP, GREM, GCIH, GCIA, CEH, GCED, CISA, etc.

Hours & Work Schedule

Hours per Week: 40

Work Schedule: Monday through Friday

* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.
