Threat Detection & Response (TDR) Analyst
Spartan Technologies, Inc.
- Atlanta, GA
We are searching for a Threat Detection & Response (TDR) Analyst to join the Security Operations Center (SOC) and respond to cyber threats. The TDR Analyst will be responsible for the security of our network and systems, collecting and analyzing threat intelligence, performing security monitoring, and conducting incident response, reporting directly to our Senior Manager of Threat Detection.
This role requires a US Citizen or Green Card holder. The position will be remote to start but will eventually require working from the office in Atlanta, GA on a flexible schedule.
- Monitor networks, systems, and information assets for security events, so you can detect cyber incidents and minimize their impact to the organization.
- Detect and respond to incidents using SIEM, behavioral analytics, and network analysis.
- Analyze log files from a variety of sources to identify potential threats to network security.
- Document and escalate cyber incidents that may cause ongoing or immediate impact to the environment.
- Respond promptly to mitigate the impact of cybersecurity incidents on the environment.
- Update scenario-based procedures, classifications, techniques, and guidance as required.
- Perform incident triage, making recommendations that allow for rapid remediation.
- Track and document cybersecurity incidents from first detection until final resolution.
- Keep up with the latest trends in threat intelligence, security monitoring and incident response, and collect data from subscription and open-source feeds.
- Monitor changes in threat actors' dispositions, activities, tactics, capabilities, and objectives as they relate to designated cyber operations warning problem sets, and report on these regularly.
- Operate within a proactive threat intelligence and active defense program: collect and analyze threat intelligence data and incorporate it so that decisions can be made at the operational and strategic levels.
- Minimum 3+ years of technical experience in the Information Security field
- Experience writing, reviewing and editing cyber-related intelligence/assessment products from multiple sources
- Experience triaging security events using a variety of tools including QRADAR in a security operations environment
- Experience with packet flow, TCP/UDP traffic, firewall technologies, IDS technologies (e.g., Snort rules), proxy technologies, and antivirus, spam and spyware solutions
- Experience conducting incident response activities and seeing incidents through to successful remediation
- Experience with a programming/scripting language such as Python, Perl, or similar; rigorous in sourcing the data used in intelligence, assessment, and/or planning products, and consistently thorough and accurate
- Expert-level knowledge of computer networking concepts and protocols, and of network security methodologies
- Deep knowledge of intrusion detection methodologies and techniques for detecting host- and network-based intrusions, and a solid understanding of network traffic analysis methods, including packet-level analysis
- Experience with network security architecture concepts including topology, protocols, components, and principles
- Good understanding of cyber-attack stages, as well as malware analysis concepts and methodologies and can confidently employ incident handling methodologies
- Proficiency with common cybersecurity management frameworks, regulatory requirements and industry leading practices
- At least one of the following certifications is preferred but not required (or may be obtained within the first 12 months of employment): CISSP, CEH, and/or the SANS certifications GCIH, GCFE, GCFA, GREM, GPEN, GWAPT, GXPN
- In addition to this technical expertise, strong skills in process execution, time management, and organization, as well as a strong work ethic, leadership, initiative, and ownership of work
- Ability to communicate in a confident and well-organized manner, whether verbally, in writing, or visually
- BS in Computer Science, Information Systems, Engineering, or a similar field.
- Experience with endpoint security agents (Carbon Black, CrowdStrike, etc.), as well as network forensics and associated toolsets (Suricata, Wireshark, PCAP, tcpdump, etc.) and analysis techniques
- Experience with host-based detection and prevention suites (Microsoft SCEP, OSSEC, etc.)
- Understanding of log collection and aggregation techniques: Elasticsearch, Logstash, Kibana (ELK), syslog-ng, Windows Event Forwarding (WEF), etc.
Wednesday, September 15, 2021