Security Analyst II – Cyber Defense

Job Summary:

Under limited supervision the Security Analyst II will report to the Security Operations Team Lead. He/she will work collaboratively to detect and respond to information security incidents, develop, maintain, and follow procedures for security event alerting, and participate in security investigations. The Security Analyst II will perform tasks including monitoring, research, classification and analysis of security events that occur on the network or endpoint. The Security Analyst II should have familiarity with the principles of network and endpoint security, current threat and attack trends, a basic understanding of the OSI model, and have a working knowledge of defense in depth strategies. In addition, the candidate should understand data flow across multiple layers of defense technology, and have at least a high level familiarity with the Cyber Kill Chain. The Security Analyst II must be competent to work at a technical level, be capable of identifying threats and vectors that cause security events, and be able to follow defined procedures for mitigating said threats and help develop those procedures where adjustments are needed.

Key Responsibilities:

• -Respond to network and host based security events
• -Participate in detecting, investigating, and resolving security events
• -Capable of working independently while supporting Security Analyst I as necessary
• -Identify and propose areas for improvement within the Security Operations Team
• -Provide documentation and project support
• -Provide reporting metrics as necessary from ticketing/SIEM
• -Act as second and/or third-tier support for the Security Analyst I
• -Serve as an escalation point for difficult problems and complex inquiries
• -Serve as a back-up to the Security Operations Team Lead

Knowledge, skills and experience requirements:

• Proven experience with multiple security event detection platforms
• Thorough understanding of TCP & UDP in the context of the OSI Model
• High-level understanding of global internet infrastructure and IP space
• Demonstrated integrity in a professional environment
• Understanding of basic types of encryption, digital fingerprints, SSL/TLS certificate exchange, SSH RSA Key Management
• Familiarity with typical WebApp server stacks
• MS Office proficiency including Excel Pivot tables
• Good social, communication and technical writing skills
• Comfortable navigating and troubleshooting Linux and Windows system issues
• Comfortable writing queries in Log Aggregates/SIEMs such as Splunk, Kibana, Qradar, etc.
• Sed/Awk/Grep proficiency preferred
• Regular Expressions experience required
• Familiar with OWASP top 10 & SANS top 20
• Understand the vulnerability management lifecycle
• Displays a sense of urgency around critical incidents
• Familiarity with tcpdump, Wireshark, and the concepts of packet capture points in a switched network
• Strong understanding of DNS, including record types & knowledge of common public DNS servers
• Strong understanding of various remote management tools: Bomgar, Telnet, SSH, RSH, C$, VNC, screen, jump servers

Qualifications, certifications and education:

Education

Bachelor’s Degree in Computer Science, Information Systems, Engineering, related field or relative work experience preferred.

Experience:

Minimum of 2-3 years of experience in one or more of the following:

• Working in a Security Monitoring/Security Operations Center environment (SOC)
• Experience investigating security events, threats and/or vulnerabilities
• Understanding of electronic investigation and log correlation
• Proficiency with the latest intrusion detection platforms; working knowledge of Linux and/or Windows systems administration (Including AD)
• Scripting or programming (Shell scripting, Power Shell, Python, C, C#, Java, etc.)
• Performing malware analysis
• Desired: Previous leadership experience as a team lead or supervisor

Certification Requirements: Minimum of one. CISSP, CISM, CEH, GCIA, OSCP