Cyber Security Analyst
Spartan Technologies, Inc.
- Atlanta, GA
We are searching for a Cyber Defense Analyst , a thought leader within the Information Security community who will make significant contributions to the overall posture of the security program. This is a role that reports directly to the Senior Director of Cyber Defense.
You will participate and contribute to the security community; participate with (and even lead) team exercises. You’ll threat model new products, projects, and technologies, as well as provide support during incident response activities. Though you’d have no direct reports, our Security Operations Center analysts would look to you as a mentor.
This role requires a US Citizen for Green Card Holder. Will be remote to start but will eventually need to go into the office in Atlanta, GA on a Flexible schedule.
- Be actively involved in the security community and will present on relevant cyber topics.
- Responsible for threat modeling new products, projects and technologies that are being developed and/or implemented.
- Research, develop, and evaluate defensive tactics, techniques, and procedures (TTPs) for detecting and responding to modern cyber threats, leveraging the MITRE ATT&CK framework.
- Develop, implement and/or tune detections and content for security sensors, including Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), and network Intrusion Prevention/Detection Systems (IPS/IDS).
- Perform offensive Red Team operations, with a focus on simulating adversaries. You’ll also test Blue Team Detection and Response processes.
- Work alongside SOC colleagues to develop requirements for new technologies and evaluate SOC tools.
- Help out with cyber security incident response teams response efforts as needed, including as an additional point of escalation.
- Take part and contribute to industry events where knowledge on the latest TTPs and corresponding detection techniques is shared.
- Have the opportunity to attend and present at conferences.
- Minimum 10+ years of relevant information security industry experience as part of an information security team.
- Advanced knowledge of threat landscape, malware, attack techniques, IOCs, TTPs, and CSF frameworks.
- Solid knowledge of tactical security models such as the Cyber Kill Chain, MITRE ATT&CK, and diamond model analysis.
- Hands-on Red team experience, and know how to perform a variety of penetration tests.
- Experience with building detections and content for security sensors, including Endpoint Detection and Response (EDR”), Security Information and Event Management (SIEM”), and network Intrusion Detection Systems (IDS”).
- Experience using Kibana or Elastic Search, as well as cloud security in environments such as Azure, AWS, or GCP hosting environments.
- Knowledge of variety of hardware, software, and cloud security controls (Firewalls, routers, switches, virtualization infrastructure, IDS/IPS, DDoS, WAF, proxy, CASB, advanced malware detection, EDR, SIEM, Threat Intelligence Platform, DLP, etc.)
- Strong writing, communication, and presentation skills.
- Ability to prioritize and execute tasks in a high-pressure environment.
- BS in Computer Science, Information Systems, Engineering.
- Experience with QRadar/JSA, Cortex XSOAR/Demisto., and with endpoint security agents like Carbon Black or CrowdStrike.
- Experience with network forensics and associated toolsets, (Moloch, WireShark, , tcpdump), analysis techniques, as well as host-based detection and prevention suites like Microsoft Defender or OSSEC.
- Experience navigating and working in hybrid cloud environments.
- Understanding of log collection and aggregation techniques, Elastic Search, Logstash, Kibana (ELK), syslog-NG, Windows Event Forwarding (WEF).
- SANS certifications: GCIH, GCFE, GCFA, GREM, GPEN, GWAPT, GXPN
Wednesday, September 15, 2021