• Sr Cyber Security Spec

    Location US-RI-Johnston
    Job ID
    2018-8145
    # Positions
    1
    Work Location
    Works from an office location
    Employee Type
    Regular
    Category
    Information Services - Information Security
  • Overview - External

    FM Global is a leading property insurer of the world's largest businesses, providing more than one-third of FORTUNE 1000-size companies with engineering-based risk management and property insurance solutions. FM Global helps clients maintain continuity in their business operations by drawing upon state-of-the-art loss-prevention engineering and research; risk management skills and support services; tailored risk transfer capabilities; and superior financial strength. To do so, we rely on a dynamic, culturally diverse group of employees, working in more than 100 countries, in a variety of challenging roles.

    Responsibilities - External

    FM Global is looking for an experienced and dedicated senior level cyber professional to complement and help lead our existing Cyber Threat Operations and Engineering Team (CTOE).   The CTOE team is responsible for the selection, implementation, operation, maintenance, and growth of technology solutions intended to mitigate cyber security threats.  These solutions range from network security technologies such as firewalls, URL filters, intrusion detection/prevention systems, advanced threat prevention technologies, and web application firewalls to server and endpoint solutions such as filesystem monitoring, filesystem encryption, vulnerability management and malware detection/prevention agents.

     

    The successful candidate will be an experienced practitioner who has effectively developed security strategies, evaluated and selected technology solutions, and been responsible for the operation and integrity of a wide range of security controls.  They should take pride in the quality of their work, and the effectiveness of the cyber security controls for which they are responsible.       

    Qualifications - External

    Education:

    • Bachelor’s Degree in Information Security / Assurance, Computer Science, Information Technology, or a related discipline, or equivalent work experience or technical training with a non-related degree.

     

    • One or more related certifications a plus (LPT, OSCP, GWAPT, GWEB, GCIA, GSNA, GCIH, CISSP, CEH, GPEN, GCED)

     

    Experience:

    • Minimum of five (5) years of experience in information technology, security administration, business analysis, risk, audit, compliance, computer forensics, network perimeter security or other related discipline.

    Skills and Abilities:

    • Strong verbal and written communication skills.
    • Solid Interpersonal skills.
    • Ability to coordinate activities with team members and other stakeholders.
    • Must have a strong work ethic, great time management skills and a positive attitude.
    • Ability to work independently or on a team
    • Ability to multi-task and change priorities with effective results.
    • Proficiency with the Microsoft Office suite, with a heavy emphasis in Excel.PowerBI
    • Experience working with vendors and resellers, handling vendor/reseller relationships, and bringing available resources to bear to solve problems or realize opportunities.
    • Experience managing/leading projects and ability to produce any necessary artifacts.

                  

    • A strong understanding of cyber threats targeting enterprises, along with the tools, tactics, and procedures used by those threats
    • Knowledge of computer network exploitation, computer network attack and computer network defense tools and techniques
    • Strong knowledge of at least one of the following areas: operating systems, databases, systems, networks, application development.
    • Strong knowledge of computer vulnerabilities, hacker methodologies and other threats.
    • Experience with one or more of the following is preferred: ZScaler, Palo Alto, Cisco, F5, McAfee, Cylance, Bromium, Symantec, Varonis, Vormetric, Tenable, Rapid7, Mimecast, Proofpoint
    • Possess strong technical security skills and comprehension of security and risk
    • Demonstrated ability to looking for ways to improve relevant processes and controls to ensure best of breed, world class cybersecurity for the organization
    • Network Security Practices: Planning, design, implementation, testing, and management
    • Network architecture and protocols
    • Conduct and lead Cybersecurity Projects, including:
    • Participate in planning and implementation of information systems, including structure, process, and security.
    • Must be able to effectively communicate security issues to technical teams as well as leadership
    • Expected to maintain a deep understanding of current threat, vulnerabilities, attacks, countermeasures and how to respond effectively to them while providing training to the rest of the team on these items
    • Able to develop meaningful metrics for security control effectiveness which enable the organization to make educated decisions based on risk and opportunity
    • Knowledge of cloud IaaS services (AWS/Azure, etc.) and how to secure them

    •              Familiarity with common penetration testing and vulnerability assessment tools (nmap, Wireshark, Nessus, NeXpose, Kali, Metasploit, AppScan, WebInspect, Burp Suite Professional, Acunetix, Arachni, IronWASP) a plus