Perform incident response, with a primary focus of eliminating the threat to the network and determining the cause of the security incident while preserving evidence for further analysis
Ensure incidents are handled in a manner that is consistent with established playbooks
Monitor SIEM and logging for alerts of potential network threats, intrusions, and/or compromises
Responsible for understanding the global threat environment and general security best practices
Assist with triage of service requests from automated sensors and internal requests for assistance
Participate in active cyber hunting to identify and eliminate known and unknown network threats
Interface with technical personnel from various disciplines to rapidly resolve critical issues
Appropriately inform and advise the leadership of incidents and propose effective response and/or countermeasures for containment.
Participate in knowledge sharing with other security engineers and partners.
Identify, document, and recommend new or revised incident response playbooks
Drive continuous improvement of processes and procedures to improve analysis, detection, and mitigation of incidents in support of the overall Cyber Defense mission
Create and drive action plans to address recurring or ongoing information security incidents.
Develop and maintain reporting metrics used to measure team performance, ensure analyst adherence to processes/procedures for operational consistency, identify process improvements, coaching, training and professional development of the staff.
Participate in the planning and implementation of information security technology projects. Serve as point-person and subject matter expert for issues and projects related to Cyber Security Counter Threat Operations.
Collaboration as appropriate with leadership and other key stakeholders
Required:
Knowledge of industry-recognized analysis frameworks (Kill Chain, Diamond Model, MITRE ATT&CK, NIST Incident Response, etc.) and thorough understanding of fundamental security and network concepts
1-3 years' work experience as a security analyst or similar role with the ability to lead shift for the Security Operations Center
Ability to demonstrate triage and investigations utilizing multiple security sensors including documentation and debriefing of incidents.
Preferred:
Experience with network monitoring in a SOC environment
BS in Computer Science, Computer Engineering, Cyber Security, Forensics and/or equivalent work experience
Experience and knowledge conducting cyber threat analysis originating from phishing emails
Previous experience working with network tools and technologies such as firewall (FW), proxies, IPS/IDS devices, full packet capture (FPC), and email platforms
Development experience in one or more of the following: C++, Python, PS, Bash, or Java