Full Time Sr. Cyber Security Operations Analyst
Primary Purpose of Job:
Provide technical leadership and expertise for all Cyber Security technologies, both within the Cyber Security Operations Center (CSOC) and for the infrastructure and development operational teams. Design and engineer the Cyber Security Operations program by training junior members and by authoring documentation and developing technology, processes and procedures. Serve as a mentor to less experienced CSOC analysts and provide recommendations to engineering and architecture teams to improve existing technologies. Act as the technical escalation point on the Cyber Security Incident Response Team (CSIRT) for cyber security incident investigation, attack / malware remediation, forensic analysis, threat mitigation, vulnerability detection, and data leakage prevention. Provide subject matter expertise for infrastructure operational support of firewalls, intrusion detection / prevention, network access control, email security, endpoint incident response and anti-malware, vulnerability scanning, web proxy, data leakage prevention, multifactor authentication, security event and incident management, and data access control. Maintain working knowledge of applicable compliance standards as well as security frameworks such as NIST and ISO in order to provide operational management and guidance for security compliance efforts.
Cyber Security Incident Response
20% of total job
Cyber Security Operations (Security Event Detection, Monitoring, and Analysis)
45% of total job
Security Infrastructure Operations (Troubleshooting and Support)
35% of total job
C. Position in Organization
Reports to: Cyber Security Operations Lead
Directly supervises: N/A
Indirectly supervises: N/A
Inside the Company: All Information Services personnel, QTCC personnel, and Division, QTK, QTD, and FS staff.
E. Position Specifications
The required specifications (education, experience, and skills) are those that the employee must have to hold the position. Applicants applying for this position must possess the required specifications in order to be considered for the job. The desired specifications are those that are not required for the employee to hold the position but the employee should try to obtain the desired education, experience, and/or skills to be effective and successful in the position.
Required Education: Bachelor’s degree in computer science or equivalent experience in a Cyber Security related field.
Desired Education: Bachelor's degree in Cyber Security or 4 year college degree in a technology related field. CISSP, GCIH, GCIA certified. PCNSE, CCNA Security (640-554).
Required Experience: 8 years of experience in cyber security. Must be able to demonstrate expert level knowledge of security concepts, processes, and procedures including incident response / investigation, threat detection / prevention, firewalls, web and email security, and have an advanced understanding of security technologies. Must have advanced level experience working with firewalls, web/mail security, wireless, VPN, SIEM and network access control. Must be able to demonstrate advanced knowledge of vulnerability analysis, exploitation techniques and incident management. Experience designing and engineering solutions for a Cyber Security Operations team.
Desired Experience: 10 years of IT security work. Expert experience with network threat analysis, architecture analysis and data fusion analysis techniques and methodologies. Experience leading and conducting forensic investigations in relation to Incident Response activities. Experience with technical leadership and the ability to mentor junior analysts. Systems engineering and/or network engineering experience.
Required Skills: Cyber Security technology design and configuration knowledge, advanced understanding of networking, operating systems (Windows & RHEL) and virtualization. Advanced knowledge of current investigation and evidence-handling techniques. Excellent problem solving skills to troubleshoot and resolve production network related issues. Strong oral and written communication skills with a focus on documentation and diagramming. Must be able to take the initiative and work without direct supervision. Experience in technical leadership and ability to provide training and guidance in a team-oriented, collaborative environment. Able to conduct research into Cyber Security trends, issues and products as required.
Desired Skills: Scripting skills (e.g., Perl, Python, shell scripting).
Worker must be able to hear, see and speak to supervisors, co-workers, internal customers and vendors and to identify and deal with such via the telephone or in person in order to accomplish job responsibilities. Worker must be conscious of the office paging system. He/she will use the sense of touch for holding a writing instrument, typing on the computer, telephone-dialing pad, etc.
This job requires that the worker sit to perform the majority of work duties. His/her office is set up so that the majority of work duties are performed in a sitting position (i.e. computer, telephone). He/she must breathe (non-assisted) in order to accomplish job duties via the telephone. Worker must be able to report for work on time.
Worker must be able to concentrate and perform work with many interruptions (persons and telephone). He/she must be able to conceptualize work delegated by his/her supervisor in order to complete it correctly. He/she must learn new processes as QuikTrip changes. Worker must be able to reason, think through and solve problems. He/she must maintain his/her composure with internal and external customers.
F. Additional Criteria: On call 24 hours per day, seven days per week. Position will require shift work that could include weekends and nights as dictated by support needs. Must have knowledge of many areas and be able to switch between them rapidly. Must be able to work under pressure and provide guidance to Information Services users during crisis modes.