Cyber Security Specialist

The Tidal Financial Group is a leading ETF investment technology platform dedicated to creating, operating, and growing ETFs. We combine expertise and innovative partnership approaches to offer comprehensive, value-generating ETF solutions. 

Our platform offers best-in-class strategic guidance, product planning, trust and fund services, legal support, operations support, marketing and research, and sales and distribution services.

About the role

Tidal Financial Group is seeking a seasoned Cybersecurity Specialist to ensure the confidentiality, integrity, and availability of our systems and data. This individual will help design, implement, and monitor security measures, manage cybersecurity tools, lead incident response efforts, and stay ahead of emerging threats. The ideal candidate will bring experience in SOC2 compliance, EDR tools, SIEM, cloud firewalls, WAFs, and encryption standards while providing leadership in implementing cutting-edge security solutions in a remote environment.

What you'll do

Security Operations:

o Monitor and defend organizational systems against unauthorized access, modification, or destruction.

o Utilize SIEM tools and threat intelligence platforms to detect, analyze, and respond to potential threats in real time.

o Conduct root-cause analyses for security incidents and recommend effective mitigation strategies.

o Implement and manage EDR tools, VPNs, and cloud firewalls to enhance organizational security.

o Oversee the integration and secure configuration of cloud services across AWS, Azure, and GCP environments.

Frameworks and Compliance:

o Ensure adherence to SOC2 and other relevant security frameworks.

o Develop and enforce company-wide security policies and procedures to maintain consistent practices.

o Conduct internal penetration testing and cyber assessments to evaluate and improve security posture.

Incident Response and Training:

o Lead incident response efforts, including containment, mitigation, recovery, and documentation of findings.

o Maintain and update incident response plans, policies, and playbooks, and ensure regular testing.

o Prepare and deliver employee training materials on cybersecurity awareness and best practices.

o Monitor and manage security awareness training platforms and ensure user compliance.

Security Research and Implementation:

o Research emerging cybersecurity trends and implement solutions to address evolving threats.

o Recommend and assist in the adoption of architectural, procedural, and policy changes.

o Correlate and validate alerts to identify and address suspicious activities effectively.

Leadership and Collaboration:

o Act as the primary technical point of contact for clients, providing clear communication of risks and remediation strategies.

o Mentor and guide IT staff on best practices in cybersecurity, cloud security, and incident management.

o Collaborate with technical and non-technical teams to align security practices with business goals.

Reporting and Documentation:

o Prepare detailed reports on cybersecurity incidents, including root-cause analysis and recommendations.

o Document and maintain security standards, guidelines, and audit trails for compliance purposes.

o Present findings and remediation plans to IT leadership and business stakeholders.

Continuous Improvement:

o Optimize testing processes to ensure timely, thorough security assessments.

o Stay updated on the latest vulnerabilities, tools, and methodologies in the cybersecurity landscape.

o Evaluate and recommend new tools or technologies to enhance security capabilities.

Qualifications

Education and Experience:

o Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or a related field.

o Minimum of 7–10 years of experience in cybersecurity, with hands-on experience in penetration testing, cloud security, and vulnerability assessments.

Technical Expertise:

o Proficiency in EDR tools, SIEM systems, cloud firewalls, WAFs, and VPN technologies.

o In-depth understanding of SOC2 compliance and related frameworks.

o Hands-on experience with cloud platforms (AWS, Azure, GCP) and their security tools.

o Knowledge of encryption standards, OWASP Top 10, CVE, and CVSS.

o Familiarity with cybersecurity tools such as Nessus, Burp Suite, Metasploit, and Nmap.

Analytical and Leadership Skills:

o Strong problem-solving abilities and a critical-thinking mindset.

o Ability to lead cross-functional teams during incident response and remediation efforts.

o Proven track record of mentoring technical teams and enhancing organizational security awareness.

Communication and Client Engagement:

o Ability to translate complex security concepts for both technical and non-technical audiences.

o Experience in preparing and presenting security assessments and reports to clients and executives.

Certifications (Preferred):

o CISSP, CEH, OSCP, CISM, or similar industry-recognized certifications.