Cyber Security Operations Analyst

Tulsa, OK

Opportunity Details

Full Time Cyber Security Operations Analyst

Primary Purpose of Job:

Provide second tier security event analysis, investigation, and escalation and support for Cyber Security technologies both within the Cyber Security Operations Center (CSOC) and to the infrastructure operational teams.  Ingest, interpret, and develop internal and external Cyber Threat Intel for determination of potential threat and impact, hunting to determine potential scope, and implementation of mitigations to defend the organization.   Develop, execute, and maintain a Preventative Maintenance and Management schedule for all security appliances, hardware and software components.  Participate as a core member of the Cyber Security Incident Response Team (CSIRT) with evidence gathering / processing, cyber security incident investigation, attack / malware remediation, forensic analysis, threat mitigation, vulnerability detection, and data leakage prevention. Provide guidance and support to the other operational infrastructure and application teams for problem management, service outages, service requests, and changes.   

Major functions for this position, starting with the most important and ending with the least important:

1. Cyber Security Operations (Security Event Detection, Monitoring, and Analysis)

  • Perform optimization and false-positive/negative tuning on security tools to ensure event and alert integrity.
  • Identify, analyze and respond to malicious activity, and gather evidence to assist in determining which events should be declared as a security incident.
  • Perform second tier analysis of exploits such as malware, network intrusions, and unauthorized usage to help determine attack-surface, patient zero, and accessible pivot-points.
  • Ingest, interpret, and develop internal and external Cyber Threat Intel for determination of potential threat and impact, hunting to determine potential scope, and implementation of mitigations to defend the organization.
  • Develop intelligence on, characterize, track, and mitigate to the extent possible, potential threat actors and activities.
  • Assist with security awareness content and provide education on security policies and practices.
  • Provide second tier network intrusion detection expertise to support timely and effective decision making of when to declare an incident.
  • Produce reports on intrusion activities, security incidents, and other threat indications and warning information to help maintain day to day status, develop and report on trends, and provide focus and situational awareness on all issues.
  • Work with senior analyst to maintain system baselines and configuration management items, including security event monitoring policies, in a manner determined and agreed to by management. Ensure changes are made using an approval process agreed to in advance.

45% of total job

2. Security Infrastructure Operations (Troubleshooting and Support)

Provide second tier security infrastructure operations support for security tools both during business hours and on-call.

35% of total job

3. Cyber Security Incident Response

  • Participate in cyber security incident response (to include identification, mitigation, containment, investigation, and remediation).
  • Assist with forensic analysis of systems, network devices, and suspicious files for intrusion, improper-use, and HR-related incidents.
  • Analyze security tool events/alerts, as well as system, network, firewall, application, and mobile logs while maintaining proper evidence-handling best-practices during an incident.
  • Participate in regular table-top sessions with Security team to determine appropriate actions required to address new developing security threats and potential customer impact.
  • Document all activities during an incident and provide status updates to senior analysts and IT Security Manager during the life cycle of the incident.
  • Participate in cyber security incident investigations that involve data analytics and computer crimes and require log, forensic, and malware analysis.
  • Perform post mortem analysis and data mining on logs, traffic flows, and other activities to identify malicious activities.
  • Provide input detailing the events of the incident to be delivered to IT leadership team and applicable parties.

20% of total job

C. Position in Organization

Reports to: Cyber Security Operations Lead

Directly supervises: N/A

Indirectly supervises: N/A

D. Relationships

Inside the Company: All Information Technology personnel, QTCC personnel, and Division, QTK, QTD, and FS staff.

Outside the Company: Hardware and software vendors, personnel in other companies involved in supporting security tools.

E. Position Specifications

The required specifications (education, experience, and skills) are those that the employee must have to hold the position. Applicants applying for this position must possess the required specifications in order to be considered for the job. The desired specifications are those that are not required for the employee to hold the position, but the employee should try to obtain the desired education, experience, and/or skills to be effective and successful in the position.

Required Education: Associate's degree in cyber security or a computer science related field, or equivalent experience. Experience in a cyber security related field.

Desired Education: Bachelor's degree in computer science or equivalent experience in a cyber security related field. Vendor certification on a specific security platform (e.g., Palo Alto ACE, Cisco 300 SISAS, Nexpose Certified Administrator), and/or GIAC Security Essentials Certification.

Required Experience: 4+ years of experience in cyber security. 1+ year of experience in a 24/7 Cyber Security Operations Center (CSOC). Experience working with firewalls, web and email security solutions, wireless, VPNs, enterprise security incident and event management solutions such as Splunk, and access control tools such as Cisco ISE. Operating system experience and troubleshooting of client technology. Understands common vulnerability analysis and exploitation techniques. Ability to read and write Intrusion Detection System signatures. Experience reviewing and analyzing network packet captures. Experience performing security/vulnerability reviews of network environments.

Desired Experience: 5+ years of IT security work. 3+ years' experience working in a Cyber Security Operations Center (SOC). Experience with network threat analysis, architecture analysis, and data fusion analysis techniques and methodologies. Conducted forensic investigations in relation to Incident Response activities. Holds a Systems Security Certified Practitioner certification.

Required Skills: Security configuration knowledge, network infrastructure knowledge, diverse device configuration knowledge. Excellent problem-solving skills to troubleshoot and resolve production network related issues. Strong oral and written communication skills with a focus on documentation and diagramming. Must be able to take the initiative and work without direct supervision. Experience working in a team-oriented, collaborative environment.

Desired Skills: Able to conduct research into cyber security issues and products as required. Scripting skills (e.g., Perl, Python, shell scripting).


Additional Criteria:

Position will require shift work that could include weekends and nights as dictated by support needs. On call 24x7. Must have knowledge of many areas and be able to switch between them rapidly. Must be able to work under pressure and provide guidance to Information Technology users during crisis modes.
