Threat Detection & Response (TDR) Analyst

Spartan Technologies, Inc. - Atlanta, GA

We are searching for a Threat Detection & Response (TDR) Analyst who will join the Security Operations Center (SOC) and respond to cyber threats. The TDR Analyst will be responsible for monitoring our network and systems, collecting and analyzing threat intelligence, performing security monitoring activities, and conducting incident response, while reporting directly to our Senior Manager of Threat Detection.


This role requires a US Citizen or Green Card Holder. The position will be remote to start but will eventually require going into the office in Atlanta, GA on a flexible schedule.

Responsibilities

  • Monitor networks, systems, and information assets for security events, so you can detect cyber incidents and minimize their impact to the organization.
  • Detect and respond to incidents using SIEM, behavioral analytics, and network analysis.
  • Analyze log files from a variety of sources to ID potential threats to network security.
  • You’ll document and escalate cyber incidents that may cause ongoing and immediate impact to the environment.
  • Be responsive, so you can mitigate the impact of cybersecurity incidents on the environment.
  • Update scenario-based procedures, classifications, techniques, and guidance as required.
  • Perform incident triage, making recommendations that allow for rapid remediation.
  • Track and document cybersecurity incidents from first detection until final resolution.
  • Keep up with the latest trends in threat intelligence, security monitoring and incident response, and collect data from subscription and open-source feeds.
  • Have an eye on changes in threat dispositions, activities, tactics, capabilities, objectives as related to designated cyber operations warning problem sets and report on these issues regularly.
  • Operate in a proactive threat intelligence and active defense program to collect and analyze threat intelligence data, then you’ll incorporate that information so decisions can be made at operational and strategic levels.

Minimum Qualifications

  • 3+ years of technical experience in the Information Security field
  • Experience writing, reviewing and editing cyber-related intelligence/assessment products from multiple sources
  • Experience triaging security events using a variety of tools, including QRadar, in a security operations environment
  • Experience with packet flow, TCP/UDP traffic, firewall technologies, IDS technologies (e.g., Snort rules), proxy technologies, and antivirus, spam and spyware solutions
  • Familiarity with conducting incident response activities and seeing incidents through to successful remediation
  • Experience with a programming/scripting language such as Python, Perl or similar; you are rock solid when it comes to sourcing data used in intelligence, assessment and/or planning products, and are always thorough and accurate
  • Borderline guru when it comes to computer networking concepts and protocols, and network security methodologies
  • Deep knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions, and a solid understanding of network traffic analysis methods including packet-level analysis
  • Experience with network security architecture concepts including topology, protocols, components, and principles
  • Good understanding of cyber-attack stages, as well as malware analysis concepts and methodologies and can confidently employ incident handling methodologies
  • Proficiency with common cybersecurity management frameworks, regulatory requirements and industry leading practices
  • At least one of the following certifications (or you will obtain one within your first 12 months of employment): CISSP, CEH and/or the following SANS certifications: GCIH, GCFE, GCFA, GREM, GPEN, GWAPT, GXPN are preferred, but not required.
  • On top of all this expertise, you also show up with some super strong skill sets, including process execution, time management and organizational skills, as well as an admirable work ethic, leadership skills, initiative and ownership of work
  • Ability to communicate in a confident and well-organized manner, whether that’s verbal, written, and/or visual communications

Preferred Qualifications

  • BS in Computer Science, Information Systems, Engineering, or a similar field.
  • Experience with endpoint security agents (Carbon Black, CrowdStrike, etc.) as well as network forensics and associated toolsets (Suricata, Wireshark, PCAP, tcpdump, etc.) and analysis techniques.
  • Experience with host-based detection and prevention suites (Microsoft SCEP, OSSEC, etc.)
  • Understanding of log collection and aggregation techniques: Elasticsearch, Logstash, Kibana (ELK), syslog-ng, Windows Event Forwarding (WEF), etc.

Posted On: Wednesday, September 15, 2021


