Sr. Cyber Security Operations Analyst

Tulsa, OK

Opportunity Details

Full Time Sr. Cyber Security Operations Analyst

Tulsa, OK


Primary Purpose of Job:


Provide technical leadership and expertise for all Cyber Security technologies both within the Cyber Security Operations Center (CSOC) and to the infrastructure and development operational teams.  Design and engineer the development of the Cyber Security Operations program by providing training for the junior members and by authoring documentation and developing technology, processes and procedures.  Serve as mentor to less experienced CSOC analysts as well as provide recommendations to engineering and architecture teams to improve existing technologies.  Act as a technical escalation point on the Cyber Security Incident Response Team (CSIRT) for cyber security incident investigation, attack / malware remediation, forensic analysis, threat mitigation, vulnerability detection, and data leakage prevention.  Provide subject matter expertise for infrastructure operational support of firewalls, intrusion detection / prevention, network access control, email security, endpoint incident response and anti-malware, vulnerability scanning, web proxy, data leakage prevention, multifactor authentication, security event and incident management, and data access control.  Maintain working knowledge of applicable compliance standards as well as security frameworks such as NIST and ISO in order to provide operational management and guidance for security compliance efforts


  1.  Major functions for this position:

Cyber Security Incident Response

  •  Design and engineer the development of the Cyber Security Operations program by providing training for the junior members and by authoring documentation and developing technology, processes and procedures. 
  •  Serve as an escalation point for cyber security incident response (to include identification, mitigation, containment, investigation, and remediation).
  •  Provide leadership to the team with expertise in the latest investigation techniques, containment and mitigation methods, evidence handling standards, threat intelligence, and case documentation best practices.
  •  Provide status updates during the life cycle of an incident and provide recommendations for containment, mitigation, and remediation.
  • Provide input on a final incident report detailing the events of the incident, post-mortem summary, and root-cause analysis to be delivered to Cyber Security management, the IS leadership team, and applicable parties.
  • Perform advanced forensic analysis of systems, network devices, and suspicious files for intrusion, improper-use, and HR-related incidents.
  • Provide guidance to the Cyber Security Operations Team manager to further develop processes and procedures for handling cyber security incidents.
  • Guide the team by providing training on how to analyze security tool events/alerts, as well as system, network, firewall, application, and mobile logs while maintaining proper evidence-handling best-practices during an incident.
  • Research, develop, and stay current on detection, prevention, analysis, forensic, and investigation techniques/tools, in support of security incident detection and response.
  • Implement and tune threat intelligence ingestion and help develop processes and procedures to act upon the intel.

20% of total job

 Cyber Security Operations (Security Event Detection, Monitoring, and Analysis)

  • Provide the team with expertise and guidance in investigating notable / suspicious events across all supported operating systems, network platforms, application logs, and security tools.
  • Work with the CSOC Lead to provide direction to the team and develop processes to identify, analyze and respond to malicious activity, and determine which events should be declared as a security incident in a timely manner.
  • Perform advanced in-depth analysis of exploits such as malware, network intrusions, and unauthorized usage to determine attack-surface, patient zero, and accessible pivot-points.
  • Produce daily/weekly/monthly/quarterly metrics to determine risk factor and attack trends to keep management informed.
  • Plan, develop, and help junior analysts implement cyber security playbooks aimed at the prevention of, monitoring of, detection of, and response to cyber security events. This includes configuration on next generation firewalls, IDS/IPS, Network Access Control Systems, Email and Web Proxy Systems, Endpoint Detection and Response Technologies, Vulnerability Scanning and Validation Technologies, DLP, Multi-factor authentication systems, and SIEM platforms.
  • Maintain knowledge of latest cyber adversary techniques in order to develop defensive methodologies.
  • Review and evaluate network, systems, and application modifications and recommend security configurations and security policy updates.
  • Research, develop, and stay current on monitoring, detection, prevention, analysis, and investigation techniques/tools, in support of security event escalation.
  • Evaluate and recommend security products, services and/or procedures to enhance productivity and effectiveness.
  • Act as subject matter expert in regular table top sessions with IT Security team to determine appropriate actions required to address new developing security threats and potential customer impact.
  •  Develop security awareness content and provide education on security policies and practices.

     45% of total job

     Security Infrastructure Operations (Troubleshooting and Support)

      35% of total job



      C. Position in Organization


                Reports to:                                             Cyber Security Operations Lead


                Directly supervises:                               N/A


                Indirectly supervises:                            N/A


      D. Relationships


                Inside the Company:                             All Information Services personnel, QTCC personnel, and Division, QTK, QTD, and FS staff.


                Outside the Company:                          Hardware and software vendors, personnel in other companies involved in supporting security tools and the responsible for triage of incidents.



      E. Position Specifications


                The required specifications (education, experience, and skills) are those that the employee must have to hold the position.  Applicants applying for this position must possess the required specifications in order to be considered for the job.  The desired specifications are those that are not required for the employee to hold the position but the employee should try to obtain the desired education, experience, and/or skills to be effective and successful in the position. 



      Required Education: Bachelor’s degree in computer science or equivalent experience in a Cyber Security related field.


      Desired Education:  Bachelor’s degree in Cyber Security or 4 year college degree in a technology related field. CISSP, GCIH, GCIA certified.  PCNSE, CCNA Security (640-554)

      Required experience:  8 years of experience in cyber security.  Must be able to demonstrate expert level knowledge of security concepts, processes, and procedures including incident response / investigation, threat detection / prevention, firewalls, web and email security, and have an advanced understanding of security technologies. Must have advanced level experience working with firewalls, web/mail security, wireless, VPN, SIEM and network access control.  Must be able to demonstrate advanced knowledge of vulnerability analysis, exploitation techniques and incident management. Experience designing and engineering solutions for a Cyber Security Operations team.


      Desired Experience: 10 years of IT security work. Expert experience with network threat analysis, architecture analysis and data fusion analysis techniques and methodologies.  Experience leading and conducting forensic investigations in relation to Incident Response activities. Experience with technical leadership and is able to mentor junior analysts. Systems engineering and/or networking engineering experience.

      Required Skills: Cyber Security technology design and configuration knowledge, advanced understanding of networking, operating systems (Windows & RHEL) and virtualization.  Advanced knowledge of current investigation and evidence-handling techniques.  Excellent problem solving skills to troubleshoot and resolve production network related issues.  Strong oral and written communication skills with a focus on documentation and diagramming. Must be able to take the initiative and work without direct supervision. Experience in technical leadership and ability to provide training and guidance in a team-oriented, collaborative environment. Able to conduct research into Cyber Security trends, issues and products as required.

      Desired Skills: Scripting skills (e.g., PERL, Python, shell scripting)  


        ADA Information:


      Sensory Requirements:

      Worker must be able to hear, see and speak to supervisors, co-workers, internal customers and vendors and to identify and deal with such via the telephone or in person in order to accomplish job responsibilities.  Worker must be conscious of the office paging system.  He/she will use the sense of touch for holding a writing instrument, typing on the computer, telephone-dialing pad, etc.


      Physical Requirements:

      This job requires that the worker sit to perform the majority of work duties.  His/her office is set up so that the majority of work duties are performed in a sitting position (i.e. computer, telephone).  .  He/she must breathe (non-assisted) in order to accomplish job duties via the telephone.  Worker must be able to report for work on time.


      Mental Requirements:

      Worker must be able to concentrate and perform work with many interruptions (persons and telephone).  He/she must be able to conceptualize work delegated by his/her supervisor in order to complete it correctly.  He/she must learn new processes as QuikTrip changes.  Worker must be able to reason, think through and solve problems.  He/she must maintain his/her composure with internal and external customers.



               F. Additional Criteria:  On call 24 hours per day, seven days per weeks. Position will require shift work that could include weekends and nights as dictated by support needs. Must have knowledge of many areas and be able to switch between them rapidly. Must be able to work under pressure and provide guidance to Information Services users during crisis modes.

      Top Down