Threat Detection & Response (TDR) Analyst

Spartan Technologies, Inc. - Atlanta, GA

We are searching for a Threat Detection & Response (TDR) Analyst to join the Security Operations Center (SOC) and respond to cyber threats. The TDR Analyst is engaged throughout the incident lifecycle from escalation to resolution, collecting and analyzing threat intelligence, performing security monitoring activities, taking appropriate action based on exposure, and reporting recommendations to leadership. This position reports to the Senior Manager of Threat Detection and Response. Successful candidates will demonstrate strong business acumen and possess a blend of general business, technology, and security competencies. This is a unique opportunity to work for a telecommunications company protecting national critical infrastructure.

This role requires a US Citizen or Green Card Holder. Will be remote to start but will eventually need to go into the office in Atlanta, GA on a flexible schedule.

Responsibilities

  • Detect and respond to workstation, server and network incidents using SIEM, behavioral analytics, and network analysis to promptly detect and mitigate the impact of cyber incidents.
  • Track, respond, and document cybersecurity incidents in a consistent and well-organized manner from detection through resolution.
  • Perform analysis of log files from a variety of sources (e.g., Windows or Linux hosts, network traffic, firewalls, intrusion detection system [IDS] logs, or application logs) to identify potential threats to the environment.
  • Perform incident triage, covering scope, urgency, and potential impact, and make recommendations that enable expeditious remediation.
  • Review and respond to questions and escalated security events from Tier I analysts.
  • Stay current with the latest trends in threat intelligence, security monitoring and incident response.
  • Collect and review intelligence data from relevant sources including subscription and open-source feeds.
  • Create and monitor reference sets across different applications to support threat hunting and monitoring.
  • Develop ad-hoc scripts to extend capabilities and complete tasks at hand.

Preferred Qualifications

  • BS in Computer Science, Information Systems, Engineering.
  • Experience with endpoint security agents like Carbon Black or CrowdStrike.
  • Experience with network forensics and associated toolsets (Suricata, Wireshark, PCAP, tcpdump) and analysis techniques.
  • Experience with host-based detection and prevention suites like Microsoft SCEP or OSSEC.
  • Experience navigating and working in hybrid cloud environments.
  • Understanding of log collection and aggregation techniques: Elasticsearch, Logstash, Kibana (ELK), syslog-ng, Windows Event Forwarding (WEF).
  • SANS certifications: GCIH, GCFE, GCFA, GREM, GPEN, GWAPT, GXPN are preferred, but not required.

Posted On: Wednesday, September 15, 2021