The Cyber Security Engineer is part of the Ameriprise Cyber Security team, which is responsible for 24x7 monitoring, threat intelligence, countermeasure development (Counter Threat), and incident handling of Ameriprise cyber threats. Working as a team, the engineer leads and learns to effectively leverage security controls/tools to best manage Ameriprise cyber risks. Responsibilities also include a weekly on-call rotation.
Analyze security events from various sources and determine whether they qualify as legitimate security incidents.
Create scenarios/rules that enable detection tools to look for indicators of compromise on Ameriprise assets.
Respond to and drive remediation of critical incidents according to standard operating procedures (SOP).
Initiate escalation procedures to counteract potential threats/vulnerabilities.
Ensure incidents are handled in a manner that is consistent with policy and procedure.
Coordinate communication activities in support of Incident Response (IR) processes.
Interface with technical personnel from various disciplines to rapidly resolve critical issues.
Create recommendations to leadership on incidents and propose effective responses and/or countermeasures for containment.
Participate in knowledge sharing with other security engineers and partners.
Identify, document, and recommend new or revised processes, policies, and SOPs.
Perform incident investigations, determining the cause of the security incident while preserving evidence for chain of custody with internal and external partners.
Perform malware analysis/reverse engineering with approved tools in Ameriprise environments.
Threat Intelligence Assessment
Assist with, and/or perform, comprehensive threat intelligence assessments. This may include reporting on assessment results as well as risk mitigation and remediation recommendations and plans.
Keep current with emerging security trends, issues and alerts.
Communicate known security risks and solutions to leadership in order to mitigate risks to business and technology partners as needed.
Process Champion & Counter Measure Development
Drive continuous improvement of processes and procedures to improve analysis of events and event handling activities, develop countermeasures to prevent, detect, or investigate ever-changing threats, and support overall Cyber Security services.
Streamline and develop repeatable processes, with automation or semi-automation, to ensure quality, effectiveness and efficiency (e.g. scripting, process modification).
Develop threat scenarios and test cases to measure security tools' effectiveness in prevention, detection and investigation capabilities.
Own and drive the real-time alert rule creation and modification process.
Bachelor's degree in Computer Science, MIS, Technology Forensics, or a related technical field; or equivalent work experience.
5-7 years of relevant experience required.
5+ years of experience installing, monitoring and maintaining information security solutions, including policy design and implementation.
3+ years of experience evaluating and designing security solutions for technology projects.
Demonstrated understanding of security related technologies and practices, including: authentication and authorization systems, endpoint protection, encryption, segmentation strategies, vulnerability management, secure remote access, and firewalls.
Strong/diverse technical background in enterprise networking, firewall, storage options, server infrastructure, operating systems, database technologies, and desktop operating systems and security.
Prior experience using cloud infrastructure (AWS, Azure, and/or GCP).
Demonstrated experience contributing and collaborating effectively as an informal leader in a high-functioning team.
Effective organizational, analytical and independent problem solving skills.
Successful experience coordinating and completing multiple tasks within established and changing deadlines.
Strong presentation skills with experience addressing and interfacing with executives and technical staff.
Experience working in the financial services industry or other highly regulated/compliance oriented environments.
Experience with regulatory compliance issues such as FFIEC, OFCC, SEC and Federal Reserve requirements, plus SOX, GLBA and PCI.
Information Security-related certifications held: CISSP, CISA, CISM, CRISC, or an equivalent security certification.