The Information Security Analyst will be a key member of the Information Security team, responsible for security functions including, but not limited to:
• Operating SIEM (AlienVault, McAfee ESM, Splunk Enterprise Security, and ELK) consoles in order to monitor the environment for events of interest
• Performing analysis of security events and logs in an attempt to detect unauthorized access, intrusion events, malware compromises and other events of interest
• Participating in Computer Incident Response Team (CIRT) as needed
• Responding to Data Loss Prevention (DLP) events and identifying possible data exfiltration events
• Documenting security incidents within the case management tool
• Solving complex security problems by engineering and developing automated solutions
• Researching external trusted intelligence sources and leveraging knowledge to detect events of interest
The ideal candidate will have:
• Bachelor’s degree from an accredited college or university in Computer Science, Mathematics, Engineering, or an equivalent field of study, with a minimum of 5 years of related experience; or 3 years of related work experience with a Master’s degree
• Certifications: ECIH, GCIA, GCIH, or similar
• Advanced knowledge and demonstrated experience with Python, PowerShell, or similar coding language
• Experience performing security analysis utilizing Security Incident and Event Management (SIEM) technologies.
• Knowledge of attack methodologies and tactics, system vulnerabilities, and key indicators of attacks and exploits
• Working knowledge of Linux, Windows, and network operating systems
• Familiarity with industry-standard frameworks (NIST, ISO, PCI, etc.)
• Demonstrated written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors, assessors, and consultants
• Demonstrated personal integrity, the ability to professionally handle confidential matters and exhibit the appropriate level of judgment and decision making commensurate with the position and responsibilities
• Demonstrated initiative, dependability, and ability to work with little supervision
• Demonstrated ability to be results-driven and to manage assignments based on criticality, in a timely and professional manner
Essential Duties and Responsibilities:
- Part of the rotational 24x7 operations of the SOC.
- Manage, implement, and monitor the strategic security monitoring and operations program to ensure the confidentiality, integrity, and availability of information owned, controlled, or processed by the organization.
- Understand a variety of network protocols including TCP/IP, UDP, DHCP, FTP, SFTP, ATM, SNMP, SMTP, SSH, SSL, VPN, RDP, HTTP, and HTTPS.
- Operate SIEM (Trustwave) consoles in order to monitor the environment for events of interest.
- Perform analysis of security logs in an attempt to detect unauthorized access.
- Use vulnerability assessment data to pinpoint potential points of attack.
- Document and contain security incidents detected on the network.
- Execute incident response process when a security incident has been declared.
- Participate in the creation, modification and maintenance of all SOC policies and procedures.
- Travel required up to 15% of the time.
- Other duties as assigned by management.
- Typically requires a minimum of 5 years of related experience with a Bachelor's degree; or 3 years and a Master's degree; or a PhD without experience; or equivalent work experience.
- Works on problems of diverse scope where analysis of data requires evaluation of identifiable factors.
- Demonstrates good judgment in selecting methods and techniques for obtaining solutions.
- Networks with senior internal and external personnel in own area of expertise.