Full Time Cyber Security Operations Analyst
Provide second-tier security event analysis, investigation, escalation, and support for Cyber Security technologies, both within the Cyber Security Operations Center (CSOC) and for the infrastructure operational teams. Ingest, interpret, and develop internal and external Cyber Threat Intelligence to determine potential threat and impact, hunt to determine potential scope, and implement mitigations to defend the organization. Develop, execute, and maintain a Preventative Maintenance and Management schedule for all security appliances, hardware, and software components. Participate as a core member of the Cyber Security Incident Response Team (CSIRT) in evidence gathering and processing, cyber security incident investigation, attack and malware remediation, forensic analysis, threat mitigation, vulnerability detection, and data leakage prevention. Provide guidance and support to the other operational infrastructure and application teams for problem management, service outages, service requests, and changes.
1. Cyber Security Operations (Security Event Detection, Monitoring, and Analysis)
45% of total job
2. Security Infrastructure Operations (Troubleshooting and Support)
Provide second-tier security infrastructure operations support for security tools, both during business hours and on-call.
35% of total job
3. Cyber Security Incident Response
20% of total job
C. Position in Organization
Reports to: Cyber Security Operations Lead
Directly supervises: N/A
Indirectly supervises: N/A
Inside the Company: All Information Technology personnel, QTCC personnel, and Division, QTK, QTD, and FS staff.
Outside the Company: Hardware and software vendors, personnel in other companies involved in supporting security tools.
E. Position Specifications
The required specifications (education, experience, and skills) are those that the employee must have to hold the position. Applicants applying for this position must possess the required specifications in order to be considered for the job. The desired specifications are those that are not required for the employee to hold the position, but the employee should try to obtain the desired education, experience, and/or skills to be effective and successful in the position.
Required Education: Associate's degree in cyber security or a computer science related field, or equivalent experience. Experience in a cyber security related field.
Required Experience: 4+ years of experience in cyber security. 1+ year of experience in a 24/7 Cyber Security Operations Center (CSOC). Experience working with firewalls, web and email security solutions, wireless, VPNs, security information and event management (SIEM) solutions such as Splunk, and access control tools such as Cisco ISE. Operating system experience and troubleshooting of client technology. Understands common vulnerability analysis and exploitation techniques. Ability to read and write Intrusion Detection System (IDS) signatures. Experience reviewing and analyzing network packet captures. Experience performing security/vulnerability reviews of network environments.
Desired Experience: 5+ years of IT security work. 3+ years' experience working in a Cyber Security Operations Center (CSOC). Experience with network threat analysis, architecture analysis, and data fusion analysis techniques and methodologies. Has conducted forensic investigations as part of Incident Response activities. Holds a Systems Security Certified Practitioner (SSCP) certification.
Required Skills: Security configuration knowledge, network infrastructure knowledge, and diverse device configuration knowledge. Excellent problem-solving skills to troubleshoot and resolve production network related issues. Strong oral and written communication skills with a focus on documentation and diagramming. Must be able to take the initiative and work without direct supervision. Experience working in a team-oriented, collaborative environment.
Desired Skills: Able to conduct research into Cyber Security issues and products as required. Scripting skills (e.g., Perl, Python, shell scripting).
Position will require shift work that could include weekends and nights, as dictated by support needs. On call 24x7. Must have knowledge of many areas and be able to switch between them rapidly. Must be able to work under pressure and provide guidance to Information Technology users during crises.