IT Security Operations Analyst

Job Details

Description

*This role has the opportunity to be REMOTE*

First Horizon Bank is looking for an IT Security Operations Analyst. If you’re a detail-oriented, fast learner who will follow a lead to its conclusion, this is a great job for you. The IT Security operations analyst monitors and reviews logs, emails, web traffic, and more to seek out and investigate anomalous activity.

Candidates should have the following technical skills:

• The ability to understand logs from network security devices (Firewalls, Proxies, etc) and Endpoints.
• Familiarity with ACLs on network/security devices, as well as how changes to them affect access.
• A basic understanding of DNS.
• A basic understanding of Active Directory.
• The ability to use Browser DevTools (F12) to dissect web pages.
• An ability to read and understand email headers.
• Proficiency in identifying phishing and Social Engineering emails.
• Proficiency in use of Microsoft Outlook
• Familiarity with Microsoft Excel
• Knowledge of typical network traffic flows and protocols
• Experience with EDR/XDR tools or Sysmon and an ability to use those tools to identify potentially unusual activities on a Windows endpoint.
• Experience with Data Loss Prevention (DLP) products that operate on Web, Mail, Cloud, and/or Endpoints.

Additional Requirements

• Must be able to pass a background check and drug screen.
• Excellent communication skills – to present ideas to end-users, management, and colleagues over written and oral mediums.
• The ability to make quick, educated and sound judgements given adequate evidence.

Preference will be given to candidates with the following

• Experience with SIEM products. (like Splunk, IBM QRadar, MicroFocus ArcSight, or Microsoft Sentinel)
• Experience with Mail Gateways (such as Proofpoint, Cisco IronPort, or MimeCast)
• Knowledge of Kerberos and Kerberos-based-attacks such as Kerberoasting, Golden-ticket, etc.
• Familiarity with Cloud services like AWS, Microsoft Azure, or Google Cloud
• Familiarity with IT Service Management/Helpdesk platforms such as Ivanti, ServiceNow, or BMC
• Familiarity with Netflow and/or Packet Capture products (like Wireshark, Cisco Stealthwatch, LiveAction)
• An understanding of Network Access Control (NAC) products (like Cisco ISE, ForeScout, Aruba ClearPass or FortiNAC)
• An ability to use regular expressions to create filters/rules.
• Familiarity with Microsoft 365 products, tools, and management.
• Familiarity with Cloud Application Security Brokers (CASB).
• Familiarity with Vulnerability Analysis products, like Tenable Nessus and Qualys VMDR
• Previous experience working in a regulated industry like Healthcare or Government is desirable, with preference being given to individuals who have previously worked in the financial industry.