TekStaff IT Solutions
Information Technology Security Analyst
TekStaff IT Solutions | Canada | 12 days ago
Contract | Advertising

SUMMARY OF DAY-TO-DAY RESPONSIBILITIES:

MUST-HAVE Hard Skills:

1.) Advanced knowledge of security incident and event management, log analysis, network traffic analysis, and malware investigation and remediation.

2.) Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure is preferred.

3.) Familiarity with Breach and Attack Simulation (BAS) solutions

4.) Excellent problem-solving and analytical skills.

5.) Good communication

6.) Python or PowerShell

7.) Threat hunting, incident response, digital forensics and purple teaming

NICE-TO-HAVE

1.) Banking or financial institution

2.) Any engineering experience

Job Description:

• Develop and implement a controls assurance strategy structured around the MITRE ATT&CK framework.

• Create realistic attack scenarios based on attacker tactics, techniques, and procedures (TTPs) to test the effectiveness of security controls across various systems and networks.

• Collaboratively identify key security controls, monitor gaps in their implementation, and work closely with relevant teams to remediate identified issues.

• Stay current with industry best practices, emerging threats, and relevant regulatory requirements to ensure a comprehensive understanding of the evolving cybersecurity landscape.

• Collaborate with cyber threat intelligence, threat hunting, and threat detection engineering groups to identify and prioritize key security controls and gaps, and ensure appropriate alerting feedback.

• Generate comprehensive reports for relevant stakeholders detailing simulation findings, including actionable recommendations for remediation and security posture improvement.

• Collaborate with other members of the cybersecurity team to analyze and interpret the results of simulated attacks.

• Continuously improve and refine the breach and attack simulation process to enhance its effectiveness.

• Make recommendations for security posture improvements based on analysis of breach and attack simulation trends.

• Work with senior analysts and leadership to develop relevant BAS dashboards to represent program value.

• Quantify risk reduction due to the breach and attack simulation program.

• Leverage APIs and automation techniques to integrate BAS with other security tools.


Job Requirements:

What can you bring to Client? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. It helps if you have:

• 5+ years of experience in cyber security, with a focus on breach and attack simulation or another offensive security discipline.

• Advanced knowledge of security incident and event management, log analysis, network traffic analysis, and malware investigation and remediation.

• Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure is preferred.

• Strong software development skills, with proficiency in Python, PowerShell, and other relevant languages.

• Familiarity with Breach and Attack Simulation (BAS) solutions (e.g., AttackIQ, Atomic Red Team, etc.) and the MITRE ATT&CK framework.

• Offensive security skills such as penetration testing or vulnerability assessment.

• Familiarity with MITRE ATT&CK, SIEM, EDR, and security control validation.

• Knowledge of common security controls, best practices, and attacker techniques.

• Excellent problem-solving and analytical skills.
