IT Security Engineer - Sr IT Security Engineer

The ideal candidate will be proficient in the following technologies:

THIS JOB DESCRIPTION DOES NOT ATTEMPT TO LIST ALL OF THE DUTIES THAT ARE OR MAY BE PERFORMED IN THIS POSITION

Primary Duties

1. Manages SIEM and performs analyses of incidents from multiple sources for severity and risk. Performs network traffic and log analyses. Additionally, performs configuration and administration of the SIEM environment including but not limited to installation of new agents, configuration of alerts and rules, reporting, and overall health of the system.

2. Exercises independent thinking to prioritize and differentiate between potential intrusion attempts and false alarms. Advises incident responders in the steps to investigate and resolve computer security incidents.

3. Identifies, reports and resolves security incidents. Determines appropriate resources needed to resolve incidents and works with resources to identify malicious activity. Creates and tracks investigations through resolution.

4. Composes security alert notifications. Deploys and maintains security controls within the network environment to help prevent and detect security events.

5. Maintains up-to-date knowledge of information technology related trends, external threats, current vulnerabilities, attacks, and countermeasures as they are published from organizations such as ICS-CERT.

6. Develops periodic reporting and trend analysis of identified issues and aides in tuning to reduce false positives. Collects and tracks incident metrics related to IT security.

7. Writes and implements programs and routines in various scripting languages to improve and automate security triage tasks.

8. Acts as secondary interface between users and IT engineering and security operations.

9. Participates in the planning and execution of contracted services with outside vendors (e.g., security monitoring and analytical services).

MINIMUM REQUIREMENTS & SKILLS

Educational/Experience Level:

Bachelor's degree in Computer Science or a closely related field and four years related experience in Information Security, or equivalent.

Computer Skills:

Strongly Preferred Skills:

1. Experience on a computer incident response Team (CIRT), computer emergency response team (CERT), computer security incident response center (CSIRC) or a security operations center (SOC).

2. Experience with anti-virus, intrusion detection systems, firewalls, active directory, vulnerability assessment tools and other security tools found in large network environments; along with experience working with security information and event management (SIEM) solutions.

3. Experience with vulnerability management, log management, analysis, and monitoring, virtual private networks, virtualization, firewalls, web application security concepts and intrusion detection/prevention systems.

4. Shell scripting experience with unix tools (sed, awk, grep, etc) and Python

5. Experience with syslog technologies (e.g., syslog-ng, rsyslog, Snare and SIEM technologies).

6. Strong technical background in operating systems (UNIX/Linux, Windows), internet applications (electronic mail, web, DNS/DHCP, TCP/IP), desktop software (Microsoft Office, virus detection programs), encryption (SSL, TLS, IPSEC) and networking hardware and software.

7. Understanding of protocols and standards such as TCP/IP, LDAP and 802.1x and network management tools such as SNMP, and NIST.

8. Knowledge of local and federal law enforcement practices, procedures, and evidential chain of custody, as related to IT security incidents.

9. Strong knowledge of network PCAP analysis tools (ex, WireShark).

10. Knowledge of LogRhythm or compairable SIEM technologies.

11. Understanding of the Lockheed kill chain and analysis of each stage.

12. Experience with Forensics tools such as Volatility, Encase, etc

13. Knowledge of PCI compliance and performing triage within a PCI environment is a plus.

Additional Relevant Skills:

1. Professional security certification (i.e., CEH, CISSP, ISSP, SSCP, GIAC, etc.).

2. Experience within the Department of Homeland Security or other government agencies.

3. Experience with digital media analysis (DMA) and computer forensics.

4. Background in utility scripting and programming (Python, Powershell and Bash) and network operations.

Communication Skills:

Requires the ability to communicate effectively and the skills to inform, persuade and/or influence internal and/or external customers and senior management on matters of a technical and/or complex nature.

Numeric Skills:

Requires the ability to perform analyses involving ratios, percentages and simple statistical methods.

Work Conditions:

Works in an office environment. Must be available to respond to emergency security incidents outside of normal business hours.

Requires occasionally performing activities including, but not limited to, bending, stooping, grasping, reaching, twisting, turning and/or lifting.

Atmos Energy Corporation is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, or veteran status.

Job Family:

Infrastructure