Cyber Security Analyst

Company: Secure-24
Location: Southfield
Posted on: January 15, 2021

Job Description:

Cyber Security Incident Responder
Reports to: Manager of Cyber Security Operations CenterDepartment: Security --
JOB SUMMARY: Join a highly skilled and motivated team of Cyber Security Professionals tasked with protecting Secure-24 and its customers. The Cyber Security Analyst role is primarily focused on incident response, however prevention, hunting, digital forensics and consulting also play a role. Leverage a next generation SIEM, SOAR, cyber case management and supplementary tools to investigate, contain, and remediate cyber security incidents. The Cyber Security Analyst must have a drive to learn and grow as the industry changes and Secure-24 adapts rapidly. Secure-24 understands that a candidate may not possess all of the skills required of a Security Analyst for the unique service provider space. --At Secure-24 the desire to learn and the ability to grow is a requirement of the position. --Expert skills in other disciplines are always welcome and shows a candidate---s ability to adapt. --Structured training as well as on the job experience is a required part of the job to bring security professionals up to speed for the complex requirements and fast paced environment of a service provider. --Security Analysts must have a drive to learn and grow as the industry changes and Secure-24 adapts. -- --ESSENTIAL FUNCTIONS: --

• Lead Incident Response investigations for Secure-24 and Secure-24 customers
• Perform analysis of logs and alerts to differentiate security events from security incidents
• Discover and correlate relationships between seemingly unrelated information
• Obtain corroborating evidence through packet analysis of network traffic
• Continuously improve incident response procedures
• Handle security incident escalation via Cyber Case Management tools, SOAR, SIEM, ITSM, email, phone, or walk-up
• Manage and coordinate security incidents to completion and work with internal teams for remediation or escalation assistance
• Tune and troubleshoot SIEM, IDP and other relevant security systems -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- MINIMUM QUALIFICATIONS: --
  • Experience reviewing and analyzing log data from various network and security devices
  • Experience with well-known information security related tools for packet capture, network/OS fingerprinting, and communication
  • Familiarity with Windows and Linux operating systems including command line operation
  • Possess a strong foundation in networking fundamentals with deeper knowledge of TCP/IP and other core protocols
  • Knowledge of common network based services and common client/server applications
  • Excellent verbal/written communication, interpersonal and organizational skills
  • Communicate effectively with varied levels of staff to develop positive working relationships
  • Ability to continuously improve skillset to combat changing threat landscape
  • Excellent problem solving skills to diagnose technical issues
  • Manage customer situations professionally to aid in positive customer satisfaction
  • Ability to learn new technology and concepts quickly
  • Ability to work on a shift or on-call rotation if needed -- -- PREFERRED QUALIFICATIONS: --
    • Experience working in a mission critical operations team
    • Practical understanding of exploits, vulnerabilities, computer network intrusions, adversary tactics, exfiltration techniques and common knowledge
    • Experience with enterprise SIEM products
    • Experience with ITSM, IT GRC, SOAR, and/or Cyber Case Management Tools
    • Scripting with Python, Perl, Bash and/or PowerShell
    • Database structures and queries, Regular Expressions
    • Experience acquiring and analyzing data from clients and servers related to security incident response
    • Digital Forensic or Threat Intelligence work -- -- EDUCATION and TRAINING:
      • BS degree in relevant field or 3 years equivalent work experience
      • IT, ITIL and Security related certifications desired
      • Recent CFCE/CCE/EnCE, CSFA or relevant active GIAC SANS certifications are desired
        • 
          --

Keywords: Secure-24, Southfield , Cyber Security Analyst, Professions , Southfield, Michigan