Duties:
• Provide in-depth analysis, response and remediation on cyber incidents and determine course of action(s) to contain and eradicate threats
• Provide independent thinking and real-time decision making to diagnose and analyze high severity escalated incidents ensuring critical response and remediation
• Perform in-depth analysis, monitoring, research, assessment and recommendations on intrusion detection and prevention tools, anomaly detection systems, firewalls, antivirus systems and proxy devices
• Provide log/network/malware/device analysis and make recommendations for remediation of security vulnerability conditions
• Leverage commercial and open source tools to quickly analyze, detect, and respond to cyber security incidents
• Develop and maintain documentation of more complex threats and incidents to enhance the event monitoring and incident response functions and the cyber tooling that supports them
• Develop internal documentation, such as detailed procedures, playbooks, and operational metrics reports to improve overall response times
Experience:
• Knowledge of operating systems and networking
• 3+ years of experience with security architectures, devices, proxies, and firewalls
• 2+ years of experience with security tools related to enterprise log management, IDP/IDS, antivirus, firewalls, proxies, DLP, forensic analysis and SIEM solutions
• Experience in analyzing security event logs and correlating events
• Ability to identify gaps in security monitoring and drive process improvements
• Experience in host and network-based forensic/malware analysis
Education:
• GCIA, GCIH, Security+ or comparable Information Security certifications
• Working knowledge of IT Security Standards and Frameworks including ISO and NIST