Essential Functions:
- Monitor Information Security alerts using Security Information and Event Management (SIEM) to triage, mitigate, and escalate issues as needed while capturing essential details and artifacts.
- Utilize sensor telemetry data and correlated logs to establish context of an alert and rule out false positives.
- Perform analysis of security alerts to evaluate true positive malicious risk to the business, determine containment action, and identify required preventative measures.
- Ensure proper documentation of security incidents including attack details within the incident management system.
- Collaborate with operational support teams to ensure they are actively engaged in addressing potential security threats that can impact business.
- Respond to incoming reports of security incidents from the organization via calls and emails.
Work Arrangement:
- This position is staffed in shifts supporting a 24x7x365 global security operations center. Analysts work a series of 12-hour shifts (followed by days off). Staff assigned to the operations center are considered critical and may need to cover holidays and weekends, if scheduled.
- This is a hybrid position. Expectation of days in office will be confirmed by your Hiring Manager.
Basic Qualifications:
- Bachelor's degree, OR 3+ years of relevant work experience
Preferred Qualifications:
- Bachelor's degree, OR 3+ years of relevant work experience
- Security Operations Center (SOC) work experience, combined with a Bachelor's degree.
- Experience in Cybersecurity or computer network defense role.
- Relevant security-related certifications a plus: CISSP, GCIH, GCIA, GCED, GCFA, CySA+.
- Proven subject matter ability in relevant areas, such as incident response, intrusion analysis, malware analysis, web application security or security engineering.
- Strong knowledge of malware families and network attack vectors.
- Solid understanding of TCP/IP and internetworking technology including packet analysis, routing and network security defenses.
- Strong knowledge of operating systems (Windows & Linux), network services and applications.
- Demonstrated experience in an enterprise-level incident response team or security operations center.
- Direct experience in handling cyber security incidents and associated incident response tools.
- Experience in operating and utilizing a Security Information and Event Management (SIEM) tool.
- Strong working knowledge of common security tools such as SIEM, AV, WAF, IDS, Netflow, Packet Analyzer and Endpoint Detection & Response tools.
- Knowledge of web application security vulnerabilities, including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks and API attacks.
- Good understanding of Web Application Security risks.
- Excellent understanding of DDoS techniques and mitigation mechanisms.
- Display great problem-solving skills, with tenacity and resilience to resolve issues.
- Excellent communication and presentation skills with proven skill in presenting analytical data effectively to varied audiences.
- Strong interpersonal and leadership skills to influence and build credibility as a peer.
- Strong understanding of cloud technologies and related security best practices.