Security Analyst – 6141
Under limited supervision, the security analyst will receive their work directly from the Principal Security Architect based on security events and initiatives, and regular information security maintenance. The Security Analyst will collaborate with IT and Business groups in managing and coordinating diverse internal and external controls, ensuring the confidentiality, integrity, and availability of critical information systems and resources.
The Security Analyst is responsible for supporting technology solutions to prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce, and web-based systems. They will support technologies deployed across application, network/perimeter, data, endpoint, identity & access, and mobility domains. The role will research attempted or successful efforts to compromise systems security and provide countermeasure recommendations.
We are a very small team, allowing each person to wear many hats. This is a generalist role, requiring someone who knows each area reasonably well and knows when to engage co-workers, vendor support, or specialists for additional help. The role requires an understanding of core infrastructure concepts such as common operating systems, networking, storage, and how systems fit together and interact.
- Responsible for all aspects of SIEM administration and support, including tuning of correlation rules, incident investigation, event analysis, and automation
- Assists with administration, monitoring, and investigations associated with defensive technologies including Endpoint Detection & Response (EDR), IDS/IPS, Secure Service Edge, Secure Web Gateway, MFA, Identity and Access Management
- Performs analyses of network security requirements and contributes to the design, integration, and installation of firewall hardware and software
- Provides support for modifying firewall rule sets, troubleshooting, analyzing network traffic flows, and locking down applications in an enterprise environment
- Supports and administers vulnerability management program, coordinating with relevant stakeholders to drive progress and maintain accountability, and assisting with remediation where practical
- Assists in the development of company-wide security controls and processes that align with company goals, policies, cultural values, and industry best practices
- Thoroughly investigates suspicious emails
- Thoroughly investigates and responds to cyber events and incidents
- Supports incident handling and response
- Supports user security awareness and training programs
- Demonstrated hands-on experience with many of the following platforms: Firewalls, IPS/IDS, SIEM, Vulnerability Scanners, WAF, Secure Web Gateway, Proxies, DNS Security, EDR/XDR, etc.
- Security Operations experience with Endpoint Detection & Response (EDR) analysis, endpoint monitoring, and/or digital forensics.
- Able to quickly learn administration and support for new technologies.
- Customer-focused with a "service first" mentality and best-in-class communication skills.
- Employs excellent collaboration and communications abilities.
- Employs good problem-solving skills.
- Has the ability to prioritize work and multi-task.
- A self-starter and self-motivated.
- BS degree in Information Security (or equivalent) and a minimum of three years' experience working with and supporting security operations technologies.
- One or more professional network and security certifications such as Security+, Network+, CCNA, GIAC GSEC, or SSCP (or equivalent work experience)