Tech Stack
AWS, Cloud, Cyber Security, ITSM, Linux, Perl, Python, Ruby, ServiceNow, SMTP, Splunk, TCP/IP, Unix
About the role
- 100% customer-facing position managing technical security controls and communicating vulnerabilities, exploits, and incidents within operations teams
- Provide day-to-day operational support of the client's security infrastructure, or day-to-day monitoring, management, and response to security events
- Perform day-to-day management of the security infrastructure within area of expertise and/or perform incident/event/detection response and analysis of security events in the enterprise
- Participate in and/or own project improvement efforts including infrastructure upgrades, automation development, implementation/testing of new systems, processes, or techniques, documentation, etc.
- Interact routinely with technology team leadership (i.e. senior security engineer and/or Team Lead)
- Assist with the documentation of procedures for security infrastructure
- Oversee deployment, configuration and ongoing management of the Insider Threat and Endpoint DLP solutions; ensure platform scalability, performance optimization and high availability across the enterprise
- Support and assist the insider threat team with gaps identified during investigations by analyzing alerts and logs generated by the Insider Threat and Endpoint DLP solutions
- Support and assist with policy development & refinement for rulesets; customize configurations based on evolving organizational needs and threat landscapes
- Integrate platform solutions with other Cybersecurity tools such as SIEM, SOAR and EDR/XDR platforms
- Monitor platform health and proactively address potential issues; generate and present detailed health reports & platform performance metrics to stakeholders
- Automate repetitive tasks to enhance efficiency and streamline operations
- Collaborate with stakeholders to understand business requirements and design Proofpoint email security solution, including configuring email security policies, threat intelligence, and DLP rules
- Manage and maintain the Proofpoint environment, including system upgrades, patching, and policy tuning; monitor system health, performance, and availability
- Troubleshoot and resolve issues; play a key role in incident response activities related to email security incidents; investigate and analyze security events, identify root causes, and implement preventive measures
- Develop and enforce email security policies, rules, and filters to protect against spam, malware, phishing, and other email-borne threats
- Continuously assess and refine policies based on evolving threat landscapes and business requirements
- Stay up to date with the latest email security threats, vulnerabilities, and industry best practices; conduct research and analysis to proactively identify emerging threats and propose mitigation strategies
- Maintain accurate documentation of the Proofpoint environment, configuration settings, and procedures; prepare regular reports on system performance, security incidents, and mitigation efforts for management and stakeholders
- Engage with Proofpoint support and product teams to escalate and resolve technical issues, coordinate product updates, and provide feedback on product enhancements and feature requests
- Provide technical leadership and mentorship to junior team members
Requirements
- 3 to 5 years of experience
- Senior-level roles such as IT Security Engineer, Cyber-Security Analyst, Cyber-Intelligence Analyst, Security Systems Engineer, or Security Analyst
- Two years of College or Technical School resulting in an Associate's Degree or equivalent
- One or more of the following certifications dependent on the actual role: GIAC/SANS certifications - GCIH, GCIA, GCFE, GCFA, GREM, GSEC; ISC2 – CC, SSCP, CCSP, CISSP; CompTIA Security+; Akamai Security; Microsoft, Linux technical certifications
- Expertise in endpoint security, data loss prevention and insider threat management
- Experience with one or more enterprise host protection systems, enterprise vulnerability management, network security tools such as IPS/IDS, and/or experience with attack tactics, techniques, and procedures used by APT, cyber crime, and other associated threat groups
- Deep understanding of networking concepts, endpoint security and threat detection techniques
- Strong knowledge of SaaS solutions and cloud-native security architectures
- Proficient in integrating security platforms with other Cyber security applications
- Extensive experience in designing, deploying, and managing Proofpoint email security solutions
- Strong knowledge of email security protocols and standards (e.g., SMTP, SPF, DKIM, DMARC) and email authentication mechanisms
- Proficiency in configuring and managing Proofpoint products, including Email Gateway, TAP, ATP, and Encryption solutions
- Familiarity with email security-related regulations and compliance standards (e.g., GDPR, HIPAA)
- Strong demonstrated skills in one or more enterprise-level OS environments including Microsoft Windows, Linux, or Unix
- Understanding of network communications (TCP/IP, Ethernet, WAN/LAN technologies)
- Previous CIRT experience with a targeted (APT) and crimeware threat program
- Knowledge of information security threat types, their composition, and IOCs
- Dynamic Malware Analysis Experience
- Knowledge of attacker tactics, techniques, and procedures (TTPs) used by the APT, Cyber Crime and other associated threat groups
- Knowledge of computer security incident investigation and response
- Experience analyzing common types of attacks, cybercrime, APT, etc.
- Experience with Splunk or similar Log analysis tools and experience reviewing security events
- Experience reviewing, analyzing, and providing reporting on ongoing Intel gathering from various classified, sensitive, as well as open-source intelligence sources
- Deep internal knowledge of the MS Windows operating system, file system, registry, processes, and communications as well as collection and analysis techniques
- Knowledge of intrusion analysis, network, and host forensics
- Scripting experience is a plus (Python, Perl, Ruby, etc.)
- Additional working knowledge of Akamai WAF, AWS Security, or CrowdStrike is a plus
- ITSM - Incident / Problem / Change / Request Management experience (ServiceNow preferred)
- Excellent problem-solving skills and the ability to identify, troubleshoot, and resolve complex configuration or security challenges
- Strong interpersonal skills with the ability to work effectively with cross-functional teams, including IT, DevOps, Security, and Compliance
- Strong organizational skills and attention to detail
- Ability to work independently and manage multiple priorities and projects simultaneously in a fast-paced environment with changing priorities
- Good verbal and written communication skills
- Must be a team player
- Due to U.S. Government requirements applicable to foreign-owned telecommunications providers, non-US citizens may be required to submit to an extensive government agency background check which will necessitate disclosure of sensitive Personally Identifiable Information.