Analyst - Security Operation - IT

Security Operation

Job Summary :

- Security Operations Analyst is responsible for day-to-day security threat monitoring and analysis. The Security Operations Analyst manages security incidents and reviews security alerts for compliance and will work with senior analysts on known or suspected security threats.

- Security Operations Analyst will work on threat intelligence, forensics and incident response that adhere to best practices and recognized control frameworks.

General Duties and Responsibilities :

Security Operations Analyst duties and responsibilities include :

- Manage and support the log collection, security scanning, intrusion detection, content filtering, and other security-related systems

- Review and triage information security alerts, provide analysis, determine and track remediation, and escalate as appropriate

- Provide support for the log management and security information and event management (SIEM) solutions

- Ensure authorized access by investigating improper access, revoking access, reporting violations, and monitoring information requests

- Detect and respond to malicious behavior on cloud systems, SaaS, workstations, servers, and networks

- Optimizes threat detection products for data loss prevention (DLP), security information and event management (SIEM), advanced email protection, endpoint detection and response (EDR), antivirus, cloud security products, intrusion detection systems, and other industry standard security technologies

- Proactively hunting threats within our environment

- Write detection signatures, tune systems / tools, develop automation scripts and correlation rules

- Maintain knowledge of adversary tactics, techniques, and procedures (TTP)

- Conduct forensic analysis on systems and engage third-party resources as required

Educational : Bachelors in Computer Science, Information Security, Information Technology

Certification Requirements :

- CISSP (Certified Information Systems Security Professional)

- GCFE (GIAC Certified Forensic Examiner)

- GCIH (GIAC Certified Incident Handler)

- Experience working with cloud technologies (AWS, Azure, SaaS, etc.) is highly desired.

General Knowledge, Skills, and Abilities :

As well as formal qualifications, a Security Operations Analyst should possess :

- Experience in forensics, malware analysis, threat intelligence

- Ability to understand, modify and create threat detection rules within a SIEM

- Knowledge and experience with the Windows and Linux operating systems

- Experience using Python, Perl, PowerShell, or an equivalent language

- Experience with network forensics and associated toolsets and analysis techniques

- Experience with host-based detection and prevention suites (Microsoft SCEP, Carbon Black Response, OSSEC, etc.)