Senior Security Operations Analyst/Splunk Administrator
Posted on Dec 2, 2019 by Request Technology - Robyn Honquest
Looking for a Senior Security Operations Analyst - preferably with Splunk experience (not a must). This is a lead role. You will lead the SOC and manage the Level I MSSP. You will work with Firewalls VPN SEIM IDS IPS malware certifications are preferred.
- Lead the global security operations team in protecting the integrity and confidentiality of Company information assets while enabling business functionality in all systems and environments by supporting applicable security solutions. Assist in security project implementation for testing, monitoring and reporting purposes
- Provide direction on the usage of Legacy and third party security solutions/tools/services with remote support providers and integration techniques. Day to day oversight of MSSP/external vendors providing SecOp services.
- Contribute in the evaluation of new or updated security solutions with engineering.
- Evaluate and escalate events and incidents to the Security Administration and Engineering teams based on established escalation procedures.
- Provide Real Time monitoring and timely response to alerts and anomalies generated by security tools
- Provide oversight and direction to outsourced service provider
- Execute changes in security access systems based on results from analysis received from Risk & Compliance, Internal Audit, External Audit, and other functions as deemed appropriate
- Supports departmental and corporate goals by meeting key performance indicators and defined metrics
- Fully support and follow Change Management processes and procedures
- Help standardize documentation for support of assigned systems and applications and help to facilitate understanding and use within level one support organization
- Accurately record all interactions with customers in the incident management tracking tool
- Perform special assignments as required
PREFERRED EDUCATION & EXPERIENCE
- 3 or more years required of working in security operations center or incident response role (preferably with global scope) - experience leading an incident team
- 3 or more years required of combined IT and security work experience with a broad exposure to infrastructure/network and multi-platform environments.
- 4 years of experience (minimum) and hands-on working knowledge with a variety of security technologies and processes including but not limited to Firewall (such as Check Point, Fortinet, Cisco ASA, Palo Alto, Juniper), VPN, SEIM, IDS/IPS (such as SourceFire, HP TippingPoint), HIDS, malware analysis and protection, content filtering, logical access controls, data loss prevention (such as Symantec, RSA, McAfee), content filtering technologies, application Firewalls (such as F5, Imperva), vulnerability scanners, forensics software, and security incident response.
- GIAC and ISC2 certifications such as CISSP are highly preferred.
- Familiarity with audit support and response, and regulatory compliance (Sarbanes-Oxley (SOX) and PCI-DSS