IT Security Analyst

Sr. Information Security Analyst

We are seeking a Sr. Information Security Analyst to join the Security Operations Center responsible for monitoring, detecting, triaging, and responding to security events and incidents in a 24 x 7 global environment.

Responsibilities:

• Primary responsibilities include developing and mentoring the SOC L1/L2 Information Security Analysts, ensuring processes are followed, updating and creating new processes as needed, setting and tracking metrics, and driving new detections/use cases from the SOC Analyst perspective.
• Serves as an escalation point of contact for L1 and L2 Security Operations Center (SOC) analysts.
• Work collaboratively with multiple teams as well as subject matter experts to include threat hunters, counter-threat Intelligence analysts, incident responders and forensic investigators.
• Stay current with and remain knowledgeable about new threats. Analyze threat actor tactics, techniques and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems.
• Utilize security models and frameworks for documenting and tracking purposes, (eg MITRE ATT&CK framework, Cyber Kill Chain (CKC) framework)
• Leverage automation and orchestration solutions to automate repetitive tasks.
• Assist with incident response as events are escalated, including triage, remediation and documentation.
• Collaborates with the owners of cyber defense tools to tune systems for optimum performance and to maximize detection and prevention effectiveness. and minimize false positives.
• Work alongside other security team members to search for and identify security issues generated from the network, including third-party relationships.
• Investigate and document events to aid incident responders, managers and other SOC team members on security issues and the emergence of new threats.

Minimum Requirements:

• Requires 7+ years of professional work experience
• BA/BS degree or equivalent experience

Critical Skills:

• 3-5 years of information security monitoring and response or related experience.
• Experience working in a 24x7 operational environment, with geographic disparity preferred.
• Experience driving measurable improvement in monitoring and response capabilities at scale.
• Experience working with SIEM systems, Endpoint Detection and Response (EDR) solutions, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), Data Loss Prevention and other network and security monitoring tools.

Preferred:

• Certifications related to security (such as Security+, GSEC, GCIH, GCIA, CISSP, NCSF, etc)
• Certifications in Splunk
• Working knowledge/experience with network systems, security principles, applications and risk and compliance initiatives such as Health Information Portability and Accountability Ace (HIPAA), HITRUST, Sarbanes-Oxley Act (SOX) and the General Data Protection Regulation (GDPR).