IS Security Analyst
The IS Security Analyst will support Security Operations performing computer network defense and incident response. This role includes performing day to day operations of company wide Information Systems security technologies as well as programs deployed globally. Some design and deployment may also be performed. The role operates in collaboration with other Information Services teams to improve and maintain the overall security posture of the IT Infrastructure as well as protect data assets. The role will have the critical function of monitoring infrastructure and supporting operational incident response during a known or potential security event. In-depth analysis of systems and data involved with these events will be required on a regular basis to develop threat assessment criteria with regular reporting and performance metrics.
JOB CORE RESPONSIBILITIES
- Operational Duties: Daily review and analysis of data from intrusion detection systems, anti-virus solutions, vulnerability assessment tools, and log correlation tools to identify actionable threats or remediation. Responsible for security incident response and event handling as either a primary, secondary, or tertiary responder for any known or potential security incidents/events globally. Communicates and coordinates with all internal IS teams as well as any service providers on various attack scenarios including viruses, worms, stolen credentials, DDoS attacks, etc. Conducts investigations and digital forensics while communicating and coordinating remediation efforts. Stays well-informed and current on product updates, the threat landscape, and vulnerabilities relating to technology. Coordinates security patch implementations or stop-gap measures. This work is performed during day shift with availability required 24x7x365 on a rotating schedule with primary, secondary, and tertiary support responsibilities.
- Business Support: Participates in business and IS initiatives as an IS security professional providing guidance to others on proper IS security practices. Performs security assessments to identify potential IS security risks in all aspects of the business including IS technical implementations (applications or equipment) as well as IS or business processes. Helps develop and socialize security baselines for all flavors of IT infrastructure. Assists in defining security related processes and procedures for the department as well as the company that can be employed on a global basis. Participates in internal and third party audits of the company’s IS security policies, procedures, as well as operational duties while supporting any remediation efforts that may be identified as a result of an audit. Contributes to and delivers end user security awareness training, effective reporting, as well as performance metrics.
- Projects: Helps coordinate and execute IT security projects as defined and prioritized in the overall global IS security strategy. Evaluates the security posture of company IT globally as well as any related data assets to ensure internal security controls are appropriate and operating as intended. Stays well-informed and current on the latest IS security technologies, methodologies, and events. Identifies external resources such as vendors, products, or services that may assist in meeting IS security objectives or lower IS security costs. Evaluates and delivers recommendations pertaining to the procurement of security related technology including software, hardware, and services. Evaluates and delivers feedback on the potential security aspects or impact of non-security related technology including software, hardware, and services. Liaises with external IS security vendors and service providers.
- Bachelor’s degree (or equivalent experience) in Computer Science, Engineering, or other technical field
- Minimum two years of direct information security experience in a global IT environment supporting at least 2 of the 10 security domains
- Previous experience in a security operations center (SOC) performing protect and defend operations and/or incident response.
- Certified Ethical Hacker (C|EH) or GIAC Certified Incident Handler (GCIH) certification is a plus
- Detailed functional knowledge of network technologies including network security focused technologies such as next generation firewalls and web application firewalls in a global IT environment
- Working knowledge of server technologies including administration, virtualization, Active Directory, Microsoft Exchange, and Citrix in a global IT environment
- Working knowledge of both Windows and Linux/Unix operating systems
- Experience using Microsoft Word, Excel, PowerPoint, Visio, and SharePoint. Microsoft Project, Access, SQL, PowerShell, or scripting experience is a plus.
- Develop content for computer network defense (CND) tools
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
- Monitor external data sources (e.g., computer network defense [CND] vendor sites, Computer Emergency Response Teams, SANS, Security Focus) to maintain currency of CND threat condition and determine which security issues may have an impact on the enterprise
- Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment
- Perform computer network defense (CND) trend analysis and reporting
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
- Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities
- Use computer network defense (CND) tools for continual monitoring and analysis of system activity to identify malicious activity
- Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on system and information
- Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness)
- Determine appropriate course of action in response to identified and analyzed anomalous network activity
- Determine tactics, techniques, and procedures (TTPs) for intrusion sets
- Identify and analyze anomalies in network traffic using metadata
- Validate Intrusion Detection System (IDS) alerts against network traffic using packet analysis tools
- Triage malware
Job Category: Cyber Security, Information Technology, Software Development