Job Description :
Cyber Security Analyst
Augusta, GA
3 months, C2H

Background: Additional background screens with the State will be required (fingerprinting – covers anything after 18 years old); the State will work directly with the new hire on these screens and Pinnacle/supplier will not be involved

Travel: Not to be expected; 0-10% (cost covered by client if it does occur)

Interview Process: 1st phone, 2nd in-person; likely a decision to be made at this point, but a final 3rd interview (in-person) is a possibility

Schedule: 24x7 Security Operations Center – The first month will be day shift for training. After that, the schedules will be split into 1st, 2nd, and 3rd shifts (the manager provided a draft schedule for us below). ALL of the candidates’ shift preferences and availability MUST be listed at the top of the resume (in order of preference; priority on top).

*The manager only cares about coverage, so if later on down the assignment the contractors want to make agreements with others to switch shifts occasionally that is fine – as long as there is coverage and supervisors/managers are kept in the loop.

SHIFT SUN MON TUE WED THUR FRI SAT

1st Shift
Operator 1 TBD 6:00-4:00 6:00-4:00 6:00-4:00 6:00-4:00
Operator 2 Covered 8:00-6:00 8:00-6:00 8:00-6:00 8:00-6:00
Operator 3 TBD 8:00-6:00 8:00-6:00 8:00-6:00 8:00-6:00
Operator 4 TBD 6:00-4:00 6:00-4:00 6:00-4:00 6:00-4:00
Operator 5 TBD 8:00-6:00 8:00-6:00 8:00-6:00 8:00-6:00
Operator 6 TBD 8:00-6:00 8:00-6:00 8:00-6:00 8:00-6:00
Operator 7 Covered 8:00-5:00 8:00-5:00 8:00-5:00 8:00-5:00 8:00-5:00
Operator 8 Covered 8:00-5:00 8:00-5:00 8:00-5:00 8:00-5:00 8:00-5:00
2nd Shift
Operator 9 Covered 2:00-12:00 2:00-12:00 2:00-12:00 2:00-12:00
Operator 10 TBD 4:00-2:00 4:00-2:00 4:00-2:00 4:00-2:00
Operator 11 Covered 2:00-12:00 2:00-12:00 2:00-12:00 2:00-12:00
Operator 12 TBD 4:00-2:00 4:00-2:00 4:00-2:00 4:00-2:00
Operator 13 TBD 4:00-12:00 4:00-12:00 4:00-12:00 4:00-12:00 4:00-12:00
3rd Shift
Operator 14 TBD 10:00-8:00 10:00-8:00 10:00-8:00 10:00-8:00
Operator 15 TBD 12:00-10:00 12:00-10:00 12:00-10:00 12:00-10:00
Operator 16 TBD 10:00-8:00 10:00-8:00 10:00-8:00 10:00-8:00
Operator 17 TBD 12:00-10:00 12:00-10:00 12:00-10:00 12:00-10:00


Top Skills Set The Manager is Looking for:
SIEM knowledge (preferably LogRhythm, but not required)
Identity and Access Management knowledge (Preferably Okta, but not required)
Advanced Endpoint Protection knowledge (Preferably Cylance or Carbon Black)
Firewall/Networking knowledge (Palo Alto, Cisco, Checkpoint and/or Fortinet)

Overview:
To provide high quality security device management and support services to Managed Security Service customers. This can include (but is not limited to) Firewall, IDS/IPS, VPN Concentrator, VM/Scanning Systems and SIEM in either a leveraged or dedicated delivery team model.

Key Job Responsibilities
Working incidents based on standard service measures.
Provide technical support to customers across the managed service portfolio.
Responding to device alerts through the in-house proactive alerting system.
Support customers on-site and/or remotely via phone and email.
Liaise with vendors to support customer devices and environments.
Attending technical training to retain skill levels across portfolio.
Qualifications
Technical certification in at least 1 security or network product set

Required Skills
2 years related experience
An understanding of networking technologies
Experience in a Support environment
Experience of working within a team environment
Excellent customer service skills
Proactive attitude to troubleshooting support issues
Evidence of troubleshooting skills
Experience working with packet captures/tcpdump
Knowledge of different security platforms available with experience of configuring/managing at least one of the following
- Checkpoint firewall
- Juniper Netscreen/SRX firewall
- CISCO PIX/ASA firewall
- Bluecoat Proxy
- F5 load balancer

Beneficial Skills:
Knowledge of Checkpoint, F5, Bluecoat, McAfee and Juniper products
Familiarity with SIEM, IPS/IDS and VPN Technologies and Authentication Software
Familiarity with Microsoft and Citrix servers.
Familiarity with ITSM/ ticketing systems.

Job Responsibilities:
The primary function of this role is to participate as a mid-level member of a 24x7 Security Operations Center (SOC) team, delivering the required actions as described within agreed guidelines and following standard procedures to maintain, manage and report on the security event management and infrastructure events of our clients.

Applying knowledge of a client's security policies and procedures to detect, analyze and prevent both internal and external security breaches using SIEM and other security event monitoring tools
Research and document appropriate information to support escalations of complex security issues to Senior Analysts or appropriate engineers
Actively monitor the SIEM/security monitoring tools in order to identify anomalies and other events not automatically detected
Develop basic SIEM/security monitoring tool event filters
Lead or assist in rule development activities needed to increase detection efficiency and help in the prevention of malicious attacks
Provide vulnerability assessment analysis to clients/accounts based on scanning technology output.

Experience in networking, operational security management and telecommunications;
At least 4 years' experience in a security analyst/administrator role in a complex environment;
Extensive knowledge of security products and network topology;
Extensive knowledge of TCP/IP and other protocols;
In-depth knowledge of current Internet security attacks and prevention.
Experience in security analysis tools such as ArcSight, LogRhythm, QRadar, etc.;
Strong knowledge of leading enterprise commercial firewall technologies (certifications preferred);
Strong knowledge of structured intrusion detection, tracking and analysis using industry leading commercial technologies (certification preferred);
Specific knowledge of Windows security issues;
Specific knowledge of Unix security issues;
Excellent English communication skills, both verbal and written. Other language skills are an advantage;

Preferable Certification: CPT, CEPT, ECSA, GCIH (SANS), GCIA (SANS)