What you’ll do & how you’ll make your mark
The Security Analyst is responsible for ensuring the security and integrity of the organization's information systems and data.
This role involves identifying and mitigating security risks, reviewing project security requirements, and maintaining compliance with security standards.
The Security Analyst will also focus on detection engineering by designing systems to detect malicious activities and implementing automation technologies to streamline security operations, including vulnerability management and incident response.
Identify and ensure mitigation of information security risks within the organization's standards, procedures, and practices across various types of projects.
Review requests for adherence to security policies, assuring requests are executed correctly.
Identify security incidents and respond to ensure threats and risks are contained.
Maintain integrity of security controls, toolsets, and other security-relevant services.
Develop and analyze security reports, and build presentations as required.
Facilitate status reports and other relevant information to compliance staff and department leadership.
Monitor and audit systems for security violations, vulnerabilities, and abnormalities.
Develop, implement, and maintain alignment with security control frameworks. Make updates to security policies, standards, procedures, practices, and operating procedures, as required.
Assist with incident handling and other incident response activities, as required.
Complete and monitor the status of corrective action plans, resolve audit findings and security issues, ensuring problems are resolved in an effective and timely manner.
Implement and evaluate the effectiveness of data loss prevention (DLP) policies and detections.
Design, build, and fine-tune systems and processes to detect malicious activities or unauthorized behaviors.
Implement tools, processes, and procedures to identify unusual or suspicious behavior that may indicate a breach.
Create actionable alerts based on detected threats to prompt immediate response from concerned teams.
Implement automation technologies to streamline security operations such as vulnerability management, threat detection, and incident response.
Use automation to reduce incident response time by enabling swift threat remediation through predefined actions.
Who you are & what you’ll need to succeed
A working level understanding of controls (e.g., access control, auditing, authentication, encryption, and system integrity).
Versed in operating systems such as Linux (various distributions) and Microsoft Windows.
Experience with Microsoft Active Directory, encryption and algorithms, authorization and authentication mechanisms/software, network monitoring, TCP/IP networks, DNS, next generation firewalls, and intrusion detection/prevention systems.
General knowledge of network design and common network protocols, and infrastructure systems.
Ability to create scripts to automate processes in PowerShell, Python or Bash is a plus.
Ability to recognize and analyze malware.
Ability to analyze large data sets and identify patterns and anomalies.
Ability to quickly create and deploy countermeasures or mitigations under pressure.
Build effective relationships. Develop and use collaborative relationships to facilitate the accomplishment of work goals.
Experience with the PCI-DSS, ISO-27001, and/or SOC II compliance frameworks is a plus.
Experience implementing and measuring security controls aligned with NIST 800-53 and the Center for Internet Security (CIS) is a plus.
Project management skills are a plus.
Experience with the following technologies is a plus: SentinelOne Singularity Platform, Tanium, Google Chronicle SIEM, Cloudflare L3-L7 security technologies, Tenable.io, Lacework, Recorded Future, KnowBe4, ServiceNow, Jira, Microsoft Defender for Endpoints, Microsoft Security and Compliance, Microsoft Azure Key Vault.
Experience with the native security service solutions for public cloud service providers (AWS, Google, Azure, Oracle) is a plus.
Educational and Certification Requirements
A degree in Cybersecurity, Information Technology, Computer Science, or related field is desirable.
Industry recognized certifications are a plus. Certifications may include: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CEH (Certified Ethical Hacker), CompTIA Security+, certifications issued by the SANS Institute, etc.
Certifications issued by public cloud providers (AWS, Azure, Google, Oracle, etc.) are a plus.
Any Graduate