Job Description:
Role: Security Analyst (Tier 2)
Location: Austin TX, Dallas TX, and Washington DC
Duration: Long-term
Responsibilities
· Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
· Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
· Provide daily summary reports of network events and activity relevant to cyber defense practices.
· Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
· Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
· Recommend computing environment vulnerability corrections.
· Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings).
· Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.
· Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
· Assist in developing cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
· Provide guidance and mentorship to Tier 1 analysts.
· Contribute to the creation of process documentation and training materials.
Qualifying Experience and Attributes
· Three (3) to five (5) years of Network Intrusion Response and threat analysis experience.
· Working knowledge of Intrusion Detection Systems (all 4 types preferred: host-signature, host-behavioral, network-signature and network-behavioral based).
· Experience with one or more IDS: McAfee ESM, Snort, Cisco, Dragon, NFR, Manhunt, etc.
· Three (3) to five (5)+ years of security experience with Windows / UNIX / Mainframe based systems, routers and Ethernet switches.
· Working knowledge of system administration, network, and operating system hardening techniques.
· Working knowledge of cybersecurity and privacy principles.
· Working knowledge of cyber threats and vulnerabilities.
· Working knowledge of Intrusion Response in the form of day-to-day network traffic analysis and threat assessment/impact analysis.
· Familiarity with encryption algorithms, cryptography, and cryptographic key management concepts.
· Knowledge of host/network access control mechanisms (e.g., access control lists, capabilities lists).
· Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
· Knowledge of incident response and handling methodologies.
· Prior training in concepts of network and systems operations.
· Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
· Knowledge of TCP/IP - addressing, routing protocols, and transport protocols (UDP and TCP), Dynamic Host Configuration, Domain Name System (DNS), and directory services.
· Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
· Knowledge of escalation, incident management and change management processes and procedures of the SOC.
· Proficient in the operation and use of sophisticated diagnostic tools (i.e., Sniffer, RMON tools, etc.).
· Understands vendor and industry standards and procedures for their respective technical specialty.
· Possess good communication and interpersonal skills.
· Ability to interpret the information collected by network tools (e.g., Nslookup, Ping, and Traceroute).
· Familiarity with key concepts in security management (e.g., Release Management, Patch Management).
· Knowledge of adversarial tactics, techniques, and procedures.
· Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
· Familiarity with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
· Signature implementation impact for viruses, malware, and attacks.
· Proficient in performance of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
If interested, kindly share below details
Name:
Visa:
Current Location:
Ready to Relocate:
Total Experience:
Availability for interview (mandatory):
Rate:
LinkedIn:
Skype:
Copy of Green Card / Passport / Visa (Mandatory):
2 End-Client full-time employees references from last organization: