Cyber Security Analyst

We are seeking an enthusiastic and motivated individual to provide Managed Cyber Security Services to our valued customers. As a key member of the Optimization Engineering & Analytics team, you will be part of an integral group that is dedicated to protecting system resources from cyber-attacks and other online threats that could have devastating consequences for millions of end users.

Successful candidates will demonstrate foundational Network Security and System Administration with advanced understanding across Endpoint Protection, Threat and Vulnerability Management, Security Automation, and Security Analysis.

KEY RESPONSIBILITIES:

- Provide client-facing support of our 24x7 managed security services, including adherence and development of processes and operational frameworks.

- Ability to work assigned shift, covering alternate shifts as needed.

- Analyze, escalate, and assist in the remediation of critical information security incidents.

- Assist with the integration, deployment, on-boarding and management of endpoint defense and attack surface managed customers.

- Perform real-time alert monitoring and analyze security event data from network and endpoint environments, peer analysts, customer platforms, and other data sources.

- Provide Incident Response (IR) support and assist customers remediation guidance.

- Review procedures relating to Cyber threat intelligence, monitoring, incident response, attack surface reduction, and design automated actions to accelerate the triage, validation, eradication, and remediation of security incidents.

- Leverage expertise in leading security operations tools and industry standard scripting languages to effectively write playbooks in security orchestration, automation, and response.

- Collaborate with team members to create, maintain, and manage a library of automated playbooks for common information security threats and customize these plans for client specific environments.

- Actively identify areas of improvement within the processes of the Security Operations Center and Cyber Incident Response with the goal of decreasing response times, increasing effectiveness, eliminating waste, and streamlining security operations.

- Integrate new security platform functionality with existing systems and automated processes as threats and controls evolve.

- Create well documented and clearly articulated code/ scripts, process, and service documentation.

- Perform health checks and optimization activities on client security technologies or systems.

- Determine information security risk and facilitate remediation actions of identified vulnerabilities and security risk across the enterprise.

- Other, as needed.

MINIMUM QUALIFICATIONS

- 4+ years of IT experience.

- 3+ years of Cyber Security experience.

- Advanced operating systems experience, in 2 or more of the following, Microsoft, MacOS, Linux.

- General network security and troubleshooting knowledge.

- Foundational scripting knowledge preferred in any of the following: PowerShell, Python, Bash.

- In-depth knowledge of TCP/IP, UDP, DNS, FTP, SSH, SSL/TLS, and HTTP Protocols, network analysis, and network/security applications.

- Good knowledge of common malware threats and attack methodologies.

- Passionate about emerging threats and security tools/technologies.

- Malware and Threat analysis.

- Incident Management.

- Able to work under general to minimal supervision.

PREFERRED QUALIFICATIONS

- 3+ years of experience with endpoint security tools (Trellix ePO, Trellix ENS, Trellix EDR, Trellix HX, CrowdStrike, Microsoft Defender, Microsoft ATP, SentinelOne).

- 3+ years managing security endpoints.

- 3+ years of experience with SIEM management and tuning in one or more of the following: LogScale formerly Humio, Splunk, Trellix Helix, Trellix ESM, Azure Sentinel, Elastic SIEM, Chronical, or Devo.

- Experience with Windows patch management tools (Automox, SCCM, SolarWinds, GFI Languard, etc.) a plus.

- Experience creating detection rules in a one ore more SIEM technologies.

- Certifications a plus: CEH, CRISC, CISA, CGEIT, CISSP, CIPP, GMON, GHIA, GCIH.

- Bachelor’s Degree (Math, CS, and Engineering), preferred.

- Excellent knowledge of security methodologies, processes (i.e., Cyber Kill Chain/Diamond Models, and the MITRE ATT&CK framework).