Duration: Long term. At least 6 to 12 months+
Complete Description:
The Analyst shall be responsible for the following, but not limited to:
•Analyze and respond to security events and incidents from SIEM, Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Network Access Control (NAC) and other client data sources.
· Investigate security events forwarded from Level I Analysts and agencies for security risk.
•Conduct tuning engagements with security engineers to develop/adjust SIEM rules and analyst response procedures.
•Escalate incidents and act as a Security Incident Response Team Lead when necessary.
•Enforce incident response SLAs.
•Develop custom SIEM reports for clients.
•Use strong TCP/IP networking skills to perform network analysis to isolate and diagnose.
•Respond to inbound requests via phone and other electronic means for technical assistance
•Document actions in cases to effectively communicate information internally and to agencies.
•Adhere to policies, procedures, and security practices.
•Resolve problems independently and understand escalation procedure. Coordinate escalations and collaborate with internal technology teams to ensure timely resolution of issues.
•Report common and repeat problems (trend analysis) to management and propose process and technical improvements.
•Provide resolution plans for system and network issues.
•Perform system maintenance and maintain current documentation.
•Perform other duties as assigned.
•Shift-work assignment hours which will be based on typical rotating shifts to support security operations. Candidates should be flexible to rotating 8 or 12 hour shifts.
Behavior Characteristics:
The Analyst will consult with stakeholders and assist with improving processes that are aligned with the mission of the Officer of the Chief Technology Officer and will report to the Director of IT Security. Analyst is expected to contribute to weekly.
Skill
Required / Desired
Amount
of Experience
Expertise Rating
¥ Bachelor’s Degree in Information Technology, Information Security/Assurance, Engineering or related field of study; or at least four years of relate
Highly desired
4
Years
2 - Proficient
General IT Experience
Required
5
Years
3 - Expert
Information Security experience required. (Prior SOC experience preferred).
Highly desired
2
Years
3 - Expert
experience with a variety of operating systems including Windows, Linux or UNIX in a functional capacity preferred.
Highly desired
4
Years
3 - Expert
¥ CSIS, CEH, CSTA, CSTP, GCFE, CISSP, GCIH, GCIA, GPEN.
Required
2
Years
2 - Proficient
Excellent written and verbal communication skills required. Must be able to communicate technical details a clear, understandable manner.
Required
4
Years
3 - Expert
McAfee Nitro, Splunk, McAfee ePO.
Required
4
Years
3 - Expert
Well known protocols and services (FTP, HTTP, SSH, SMB, LDAP).
Required
4
Years
3 - Expert
Keen understanding of routing principles and networking fundamentals.
Required
8
Years
3 - Expert
Packet Analysis Tools (TCPDUMP, Wireshark, Ngrep).
Highly desired
4
Years
3 - Expert