Job Description :
me for any additional information Ext 302.
MUST HAVE ARCSIGHT, QRADAR, SPLUNK EXPERIENCE (2-3 Years' Experience)
LOGGING EXPERIENCE! (REVIEW, PARSING, ETC.)
Location: Moorestown, NJ
Interview Mode: Phone followed by F2F or Video

Information Security Analyst II/Cyber Incident Response

Managed incident response activities, intrusion detection processes, and security for the infrastructure and third-party vendors
Took the lead on severity level 3, 2 and 1 incidents through to remediation
Analyzed and managed IT risk, system audits and internal audits
Conducted IT risk advisory and security policy & procedure reviews
Recorded and classified alerts from various sources such as RSA NetWitness, ArcSight, Proofpoint, Splunk, Blue Coat and FireEye.
Undertook an immediate effort in order to restore a failed IT Service as quickly as possible.
Assigned unresolved Incidents to the appropriate Tier 2 Support Group and ensured all unresolved incidents were properly escalated.
Logged all Incident/Service Request details, allocating categorization and prioritization codes.
Associated Incidents with other records (i.e. Incidents, Changes, Problems, Knowledge Articles, Known Errors, etc.).
Responsible for Splunk development, including but not limited to data modeling, data reporting, alert creation, and SPL coding.
Provided first-line investigation and diagnosis of all Incidents and Service Requests.
Verified resolution with users and resolved Incidents in ITSM tools such as Archer and ServiceNow.
Conducted tabletop exercises to find potential gaps.
Demonstrated security knowledge by keeping current on threats, trends, tools, etc.
Escalated Major Incidents to the Incident and/or Problem Manager.
Escalated Incidents at risk of breaching the Service Level Agreement to the Incident Process Coordinator.
Owned all Incidents and Service Requests throughout their lifecycle
Assisted in modifying Archer eGRC, ServiceNow and QlikView to provide the necessary dashboard filters for the CIR team
Responsible for enterprise-wide data logging, monitoring and aggregation of data filtered using the Splunk SIEM.
Worked with the team to determine why e-mail packet capture was not being detected or decrypted for the DLP team (Symantec) to analyze; tuned Blue Coat to optimize traffic such as WAN applications, data center backups, SSL traffic, video streaming and mobile device apps to help speed up processes.
Used System Center Operations Manager (SCOM) to monitor IT data center operating systems and hypervisors.
Utilized LogRhythm SIEM to manage cyber security logs, events, network and security analytics, endpoint monitoring and forensics
Familiar with Cisco Cloudlock, a Cloud Access Security Broker (CASB) and cloud security platform that gains visibility to protect users, data, and apps in the cloud by mitigating risk and data breaches through automation.
Experienced with Symantec Endpoint Protection for threat and anti-malware prevention, vulnerability prevention, and firewall features to secure servers and computers.
Used FireEye NX/HX threat intelligence analysis to provide tactical and operational intelligence support and to discover, research and define individual threat groups; Blue Coat SG management and support; Check Point management and support.
Worked with Info Security Runbook process documentation
Familiar with the web filtering process, which screens incoming web pages to determine, restrict or control which content should be allowed to be displayed to the user.
Provided forensic analysis and troubleshooting to assist in the containment and remediation of security incidents, working with the Incident Response team
Performed IDS monitoring and analysis, analyzed network traffic and logs, and prioritized and differentiated between potential intrusion attempts and false alarms
Provided the technical expertise and oversight of security tool/appliances deployment and implementation
Responsible for remediating security gaps, following up on non-compliance and ensuring operational activities within IT services follow information security best practice
Responsible for the operational management of security products and services including firewalls, networks, third-party connections, encryption technologies, patching, certificate management, anti-virus, email security controls, intrusion detection, intrusion prevention, virtual private networks, and identity and access management
Reported security performance against established security metrics
Working knowledge of information/cybersecurity, infrastructure vulnerabilities, and network security products (hardware and software)
Developed and maintained documentation, processes, procedures, and reports to improve the quality, consistency, effectiveness, and efficiency of SOC operations