Security Operations Analyst

Requirements

  • BS or MA in computer science, information security, cybersecurity or a related field
  • 3+ years of experience as a junior security operations analyst
  • 3+ years of experience in active defense, blue team, SIEM and incident response
  • Experience in IT audit, enterprise risk management, penetration testing, red teaming or incident response
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • An ability to effectively influence others to modify their opinions, plans or behaviors
  • An understanding of organizational mission, values, goals and consistent application of this knowledge
  • Strong problem-solving and troubleshooting skills
  • Self-driven and proactive


Desired:

  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM)
  • Experience with regulatory compliance and information security management frameworks (such as the International Organization for Standardization [ISO] 27000 series, COBIT, and the National Institute of Standards and Technology [NIST] SP 800 series)


Tasks and Responsibilities

  • Conducts network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls, and host-based security systems.
  • Interfaces with our MDR/EDR teams to investigate threats and incidents, and works with other IT members and business teams to get incidents contained and addressed.
  • Conducts log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources
  • Deploys cloud-centric detection to detect threats related to cloud environments and services used by the organization
  • Correlates activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity
  • Reviews alerts and data from security tools, and documents formal, technical incident reports
  • Works with threat intelligence and/or threat-hunting teams
  • Provides users with incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary
  • Supports the creation of business continuity/disaster recovery plans, including conducting disaster recovery tests, publishing test results and making changes necessary to address deficiencies
  • Works with security information and event management (SIEM) and vulnerability management tools to manage/tune the system, create/manage the detection content and actively watch for alerts
  • Correlates network, cloud and endpoint activity across environments to identify attacks and unauthorized use
  • Researches emerging threats and vulnerabilities to aid in the identification of incidents
  • Performs security standards testing against systems before they are put into production to verify they meet the security baseline
  • Deploys security tools and scripts as needed to improve security capabilities and assess the security posture of the Navis and Kaleris environments.
