Job Summary | Major goals and objectives.
The Information Security Operations Engineer position helps protect Meredith brands and Meredith client brands against various security risks and attack methods. This individual is a member of the Meredith IT Security team and works cross-functionally to respond to threats that may arise against our technology and application resources.
Essential Job Functions
Incident Response-Blue Team:
Defend, monitor and respond to security indicators by correlating and analyzing a variety of application, network and host-based security logs across various computing environments (on-premise, cloud, SaaS, etc.) and determine the correct remediation actions and escalation paths for each incident. Configure, implement, and optimize security protection and detection capabilities such as vulnerability scanning, configuration compliance scanning, firewall reviews, intrusion prevention/detection systems, internet protection and log management infrastructure. Appropriately instrument systems and applications to detect and alert on attacks, and coordinate with security tools and automation to implement automation for detection, escalation and remediation. Perform risk analysis of vulnerabilities and threats and evaluate efficiency of existing protection and detection mechanisms. Evaluate new and emerging technologies for appropriateness, fit, and functionality with our current technologies, and the strategic plan. Use experience and knowledge from attacks to work with our infrastructure and applications teams to reduce the attack surface and harden configurations, architectures and data storage structures. Design, develop and implement automated incident response methodologies. Conduct incident response exercises and cyber defense drills to evaluate and improve processes related to threat detection, incident response, patching and remediation. Provide information regarding intrusion events, security incidents, and other threat indications and warning information to teams and leadership as part of incident response. Author post-mortem reports to be provided to senior leadership following an intrusion or red team engagement. Create and maintain a working relationship with business partners, IT teams, local and federal officials and vendors.
Perform threat hunting exercises using threat intelligence, analysis of anomalous log data and results of historical events and data to detect and respond to threats. Maintain awareness of new and emerging security threats. Develop anomaly detection dashboards and reports to identify potential threats, suspicious activity and intrusions. Research industry trends, identify ongoing security threats, analyze new security testing tools, and provide recommendations on the need and usefulness of services and/or products. Gather threat intelligence and build, optimize, and develop systems for effective and efficient security response. Consult and provide risk management recommendations with cost analysis based on environment. Develop and design technical recommendations and execute remediation and mitigation strategies.
Security and Compliance Operations:
Performs daily operations and execution of security-related tools, processes and controls related to security prevention and defense initiatives. Supports solutions such as network proxies, intrusion detection/prevention systems, remote access, multi-factor authentication, security event monitoring, infrastructure and system hardening, patch deployment and vulnerability management. Help coordinate and drive remediation of identified risks and control deficiencies. Serves as technical and functional subject matter expert across multiple security domains, raising awareness and communicating security risks within the company. Help lead incident response and technical investigations, as assigned.
Provide prompt, courteous and professional customer service, and collaborate with business and technology staff to support Meredith Corporation objectives. Serves as technical and functional subject matter expert across multiple security domains, raising awareness and communicating security risks within the company. Supports projects to ensure they are delivering on-time, cost-effective solutions that meet security and functional specifications. Effectively communicate security concepts with both technical and non-technical individuals.
Minimum Qualifications and Job Requirements | All must be met to be considered.
Bachelor’s Degree in Information Assurance, Computer Science, Engineering or equivalent education and experience.
Industry certification such as CISSP, CASP, GCIA, GCIH, GPEN, GCFA, CEH, CISA, CISM is a plus.
Five or more years of experience in Information Security and two years’ experience as a member of a Security Operations Center (SOC) or investigating security incidents.
Specific Knowledge, Skills and Abilities:
% Travel Required (Approximate): Less than 5%
It is the policy of Meredith to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Meredith will provide reasonable accommodations for qualified individuals with disabilities.