Monitors multiple security technologies using the Security Information and Event Management (SIEM) as well as other Security Applications to detect IT security incidents. Follows detailed operational processes and procedures to appropriately analyze, escalate, and assist in remediation of critical information security incidents
Essential Duties and Responsibilities
- Provides knowledge sharing with Cyber Security team peers via formal and informal training events, brown bag sessions and web-based demos.
- Continually improves cyber security operations center abilities and value to internal customers
- Acts as a cyber-security evangelist to educate fellow IT team members on cyber security best practices
- Reduces the enterprise attack surface
- Enhances Incident Response detection capabilities as well as reliance against attacks
- Advises on defining and implementing overall security strategy, policies and procedures.
- Carries out and evaluates investigative work regarding potential threats.
- Assists in handling simulated and actual disaster scenarios.
- Two-year Associate's degree or equivalent experience, required
Licenses & certifications
- Certified Incident Handler (GCIH), preferred
- Certified Intrusion Analyst (GIAC), preferred
- Certified Ethical hacker (CEH), preferred
- Networking Certifications (CCNA, etc.), preferred
- Platform Certifications (Microsoft, Linux, Solaris, etc.), preferred
- CISSP, preferred
- Certified Expert penetration tester (CEPT), preferred
- At least 2 years of information security related experience, in areas such as: security operations, incident analysis, incident handling, and vulnerability management or testing, system patching, log analysis, intrusion detection, or firewall administration, required.
- At least 2 years of experience in network operations or engineering, preferred
- Moderate to Advanced event analysis leveraging SIEM tools (McAfee Nitro preferred)
- Moderate incident investigation and response skill set, preferred
- Moderate log parsing and analysis skill set, preferred
- Moderate knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.) , preferred
- Moderate knowledge of malware operation and indicators, preferred
- Moderate knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.) , preferred
- Moderate knowledge or IDS/IPS systems, preferred
- Moderate knowledge of Windows and Unix or Linux, preferred
- Moderate knowledge of Firewall and Proxy technology, preferred
- Basic to Moderate knowledge of penetration techniques, preferred
- Basic to Moderate knowledge of DDoS mitigation techniques, preferred
- Basic knowledge of Data Loss Prevention monitoring, preferred
- Basic experience with scripting, preferred
- Basic knowledge of forensic techniques, preferred
- Basic to Moderate protocol analysis experience (Wire shark, Gig Astor, Net witness, etc.) , preferred
- Basic knowledge of audit requirements (PCI, HIPPA, HI Trust) , preferred
- Experienced in mentoring and training junior analysts", preferred
- At least 2 years of experience in system administration on Unix, Linux, or Windows, preferred
Specific knowledge, skills and abilities
- Maintain effectiveness when experiencing major changes in work responsibilities or environment; adjust effectively to work within new work structures, processes, requirements, or cultures.
- Use appropriate interpersonal styles to establish effective relationships with customers and internal partners; interact with others in a way that promotes openness and trust and gives them confidence in one's intentions.
- Ensure that the customer perspective is a driving force behind business decisions and activities; craft and implement service practices that meet customers' and own organization's needs.
- Develop and use collaborative relationships to facilitate the accomplishment of work goals.
- Identify and understand issues, problems, and opportunities; compare data from different sources to draw conclusions; use effective approaches for choosing a course of action or developing appropriate solutions; take action that is consistent with available facts, constraints, and probable consequences.
- Assimilate and apply new job-related information in a timely manner.
- Set high standards of performance for self and others; assume responsibility and accountability for successfully completing assignments or tasks; self impose standards of excellence rather than having standards imposed.
- Duties require little or no exertion of physical effort.