Monitors multiple security technologies using the Security Information and Event Management (SIEM) system and other security applications to detect IT security incidents. Follows detailed operational processes and procedures to appropriately analyze, escalate, and assist in remediation of critical information security incidents.
- Requires experience in own professional discipline to appropriately apply own knowledge; broadens own professional expertise and acquires higher level skills
- Understands key business drivers; uses this understanding to accomplish own work
- No supervisory responsibilities but may provide informal guidance to new team members
- Solves problems in straightforward situations; analyzes possible solutions using professional/technical experience, judgment and precedents
- Impacts quality of own work and the work of others on the team; works within guidelines and policies
- Receives a moderate level of guidance and direction
- Explains complex information to others in straightforward situations
Job Specific Responsibilities:
- Tunes SIEM and IDS/IPS alerts and rules.
- Provides knowledge sharing with Cyber Security team peers via formal and informal training events, brown bag sessions and web-based demos.
- Continually improves the cyber security operations center's capabilities and value to internal customers
- Acts as a cyber-security evangelist to educate fellow IT team members on cyber security best practices
- Reduces the enterprise attack surface
- Enhances Incident Response detection capabilities as well as resilience against attacks
- Advises on defining and implementing overall security strategy, policies and procedures.
- Carries out and evaluates investigative work regarding potential threats.
- Assists in handling simulated and actual disaster scenarios.
- At least 2 years of information security related experience required, in areas such as security operations, incident analysis and handling, vulnerability management or testing, system patching, log analysis, intrusion detection, or firewall administration
- At least 2 years of experience in network operations or engineering preferred
- Moderate to Advanced event analysis leveraging SIEM tools preferred (McAfee Nitro experience preferred)
- Moderate incident investigation and response skill set preferred
- Moderate log parsing and analysis skill set preferred
- Moderate knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.) preferred
- Moderate knowledge of malware operation and indicators preferred
- Moderate knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.) preferred
- Moderate knowledge of IDS/IPS systems preferred
- Moderate knowledge of Windows and Unix or Linux preferred
- Moderate knowledge of Firewall and Proxy technology preferred
- Basic to Moderate knowledge of penetration techniques preferred
- Basic to Moderate knowledge of DDoS mitigation techniques preferred
- Basic knowledge of Data Loss Prevention monitoring preferred
- Basic experience with scripting preferred
- Basic knowledge of forensic techniques preferred
- Basic to Moderate protocol analysis experience (Wireshark, GigaStor, NetWitness, etc.) preferred
- Basic knowledge of audit requirements (PCI, HIPAA, HITRUST) preferred
- Experienced in mentoring and training junior analysts preferred
- At least 2 years of experience in system administration on Unix, Linux, or Windows preferred
- Two-year Associate's degree or equivalent experience required
Specific Knowledge, Skills and Abilities:
- Maintain effectiveness when experiencing major changes in work responsibilities or environment; adjust effectively to work within new work structures, processes, requirements, or cultures.
- Use appropriate interpersonal styles to establish effective relationships with customers and internal partners; interact with others in a way that promotes openness and trust and gives them confidence in one's intentions.
- Ensure that the customer perspective is a driving force behind business decisions and activities; craft and implement service practices that meet customers' and own organization's needs.
- Develop and use collaborative relationships to facilitate the accomplishment of work goals.
- Identify and understand issues, problems, and opportunities; compare data from different sources to draw conclusions; use effective approaches for choosing a course of action or developing appropriate solutions; take action that is consistent with available facts, constraints, and probable consequences.
- Assimilate and apply new job-related information in a timely manner.
- Set high standards of performance for self and others; assume responsibility and accountability for successfully completing assignments or tasks; self-impose standards of excellence rather than having standards imposed.
Licenses & Certifications:
- GIAC Certified Incident Handler (GCIH) preferred
- GIAC Certified Intrusion Analyst (GCIA) preferred
- Certified Ethical Hacker (CEH) preferred
- Networking Certifications (CCNA, etc.) preferred
- Platform Certifications (Microsoft, Linux, Solaris, etc.) preferred
- CISSP preferred
- Certified Expert Penetration Tester (CEPT) preferred
Sedentary - Exerting up to 10lbs. occasionally or negligible weights frequently; sitting most of the time.