Job Description :
Overview:
The Security Analyst''s primary role is to provide support for front-line monitoring and analysis of data feeds from many different security tools, threat monitoring programs, and risk sources.
The Security Analyst will assist others in the assimilation of data from these various feeds and rapidly determining if the collection of data points is evidence of a direct attack, a rogue actor attempting to find vulnerabilities in the systems, or false alarms based on unusual behavior patterns.
The Security Analyst will monitor outputs from audit tools and must be an effective and efficient communicator to follow the abnormal data points back to a root cause.
This individual may need to make snap decisions to alert multiple individuals high up in the chain of command and/or take rapid steps to block the exfiltration of sensitive information from our data centers.
Job Responsibilities:
Monitor and analyze network traffic and security alerts from tools which include but limited to: Antivirus, IDS/IPS, Firewalls, Active Directory, Windows Event Logs, Vulnerability Management tools
Conduct forensic analysis on endpoint systems and network traffic when necessary
Identify and prioritize security alerts based on initial triage of alerts or activity
Advise stakeholders in investigation steps to resolve and mitigate security incidents
Strong ability to learn and adapt to complex technical environments
Creating and track security investigations to resolution
Contribute to security strategy and posture by identifying security gaps, recommending mitigating actions
Work with Security Information and Event Management (SIEM) solutions to create correlation rules to aid in security alerting
Stay up to date with current security vulnerabilities, attacks, and mitigation techniques
Academic and Professional Qualifications:
Bachelor''s Degree in Computer Science, Information Technology or Information Security
Experience:
Minimum 1-3 years’ experience in a security analyst or security engineering role
Excellent written and verbal communication skills required
Experience working in both cloud and on-premise environments
Demonstrated scripting experience in one or more languages is a plus
Experience conducting forensic analysis on endpoint systems is a plus
Experience with infrastructure and security tools for audit logging, netflow, syslog, auditing, endpoint protection and vulnerability assessments.
Understanding of security concepts such as authentication, authorization, encryption, logging, and device hardening practices.
Research, Develop, Build and execute Operational and Run Book documentation for SOC analysts.
Ability to work on-call as needed to assist in resolving critical issues
Certifications:
One or more of the following or similar security certifications are required: CompTIA Security +, GIAC GCIH, GCIA, EC-Council CEH V9, Cisco CCNA Security, Cyber Ops, CISSP