The Information Security Analyst II is responsible for monitoring, analyzing and maintaining the technical security controls that support the Information Security Program. This role focuses on performing advanced triage and detailed analysis of security events across technology environments and on integrating risk-based threat intelligence into the operational environment. The role also helps maintain assurance in our technical security controls so that risks to the confidentiality, integrity and availability of information systems and infrastructure are sufficiently mitigated, which in turn supports operational goals. Assists with end-user support as needed and assists other information security analysts. This role will have oversight of, and responsibility for, either junior SOC Analysts or SOC vendor management.
MAJOR DUTIES AND RESPONSIBILITIES: Advanced monitoring of the day-to-day operation of the Security Information and Event Management (SIEM) platform, Network Anomaly Detection and other security control tools. Provides input into the daily SOC security report. Works, as a Tier-2 advanced support person, on alerts escalated to the Security Team by the outsourced Tier-1 24x7 managed SIEM monitoring provider and on tickets sent directly to the security helpdesk. Ensures effective network monitoring, log management and log analysis from a variety of network sensors to investigate suspect network activity. Interprets raw network traffic (e.g. packet captures) and determines whether the activity is legitimate. Provides technical security leadership to junior analysts and works jointly with engineers where required. Assists in operating all technical security systems and their corresponding user/analyst interfaces, including web proxy filtering systems, host- and client-based firewalls, intrusion detection/prevention systems, endpoint security systems, and anti-malware and anti-virus software, to monitor network activity. Conducts investigations and malware analysis, and prepares comprehensive reports with timely escalation to Network or Security Engineering for review. Remains informed on trends and issues in the security industry, including current and emerging technologies. May supervise the daily activities of junior SOC Analysts, being responsible for their performance and contributing to employment decisions and training; or supervises the vendor relationship, including contributing to vendor selection, overseeing implementations, managing the ongoing relationship and strengthening partnerships with our vendors.
EDUCATION & EXPERIENCE:
Required Education/Experience:
- Bachelor's degree in Computer Science, Information Systems, Information Technology or related focused technical training, or in lieu of a degree, 4 additional years of engineering and project management experience.
- 6 years of related experience in Information Security, with at least 4 years of Security Engineering or Security Administration preferred.
- Familiarity with security tools (Vulnerability Management, SIEM, Endpoint Security, Web proxies, etc.).
- Supervisory or leadership experience.
Preferred Education/Experience:
- 8 years of Security Engineering or Security Administration experience preferred.
- Familiarity with security tools (Application Security, Pen Testing, Network Anomaly Detection, email gateway, etc.).
Required Certifications, Licenses or Systems:
- CompTIA Security+
- One of the following:
  - SANS GIAC Certifications: GISF (GIAC Information Security Fundamentals), GSEC (GIAC Security Essentials Certification), GOEC (GIAC Operations Essentials Certification)
  - Certified Network Defender (CND) or Certified Ethical Hacker (CEH)
Preferred Certifications, Licenses or Systems: One or more of the following certifications (or equivalent) preferred:
- SANS GIAC Certifications such as GPPA (GIAC Certified Perimeter Protection Analyst), GCIH (GIAC Certified Incident Handler), GPEN (GIAC Penetration Tester)
- Cisco Certified Network Associate Security (CCNA Security)
- Certified Network Defender (CND), Certified Ethical Hacker (CEH) or Certified SOC Analyst (CSA)
KNOWLEDGE & SKILLS REQUIRED
Required Knowledge & Skills: Knowledge of TCP/IP networking: network topology, protocols and services. Advanced knowledge of Microsoft and Linux operating systems. Knowledge of SIEMs such as LogRhythm, QRadar, Splunk, etc., and NDR tools such as Darktrace, ExtraHop, Vectra, etc. Knowledge of SOC tools such as VirusTotal, various sandboxes and various malware analysis tools. Experience working alerts from firewalls (Palo Alto, Fortinet), IDS/IPS, VPN, WAFs, etc. Good working knowledge of Microsoft Office applications and other software applications as required. Broad knowledge of computer networking technology.
Preferred Knowledge & Skills: Knowledge of and experience with Unified Threat Management, virtualization, Windows desktop and server operating systems, firewall technologies, application-layer security controls, and IDS/IPS technologies. Knowledge of multiple NBA or UEBA tools. Ability to conduct threat hunting exercises and campaigns. Knowledge of DFIR best practices.