Information Security Analyst
The key objectives for the Information Security Engineer position are to expand threat detection and prevention capabilities in existing and future security tools. The Engineer must be able to identify gaps in existing security configurations and provide effective recommendations to improve, remediate, and expand controls against cyber threats, including, but not limited to, performing forensic reviews to assist in discovering and mitigating threats and/or suspicious activities. The Engineer must possess the ability to work independently and to be an agile learner. The person in this position should expect to liaise with numerous departments within the organization.
- Oversee, manage, and act as the subject matter expert for SIEM, Network IDS/IPS, other security applications
- Design, configure, install, and support security technologies as required to support threat mitigation efforts, including but not limited to AV, DDoS, DLP, CASB, SIEM, endpoint technologies, IDS, etc.
- Analyze security events and execute the resulting incident response within the Company Security Operations program
- Evaluate security application events, threat intelligence feeds, software vendor announcements, and various sources of security monitoring data to gauge risk impact to the company.
- Conduct analysis, troubleshooting, and trending of incidents/events detected from SIEM, IDS/IPS, and other security applications
- Perform Level 3 triage and handling of security events (escalated from Level 1 & 2 Security Analysts or other); includes but is not limited to identification, containment, remediation, and reporting activities
- Assess and communicate threat intelligence to reduce risk exposure and to prepare for potential security breach attempts
- Perform and schedule system/agent upgrades based on vendor support; apply patches, configurations, and hot-fixes as needed to remediate vulnerabilities or risks to the organization
- Perform complex technical analysis of malware samples, unauthorized software, and unusual end user/endpoint/network/mobile activity using industry standard forensics software applications
- Integrate new log sources in SIEM and document event log triage for SOC analysts
- Create custom rules, policies, alerts, etc. within the listed security applications based on stakeholder needs or situational conditions; will also modify existing configurations as needed
- Create new and enhance existing procedures through documentation to improve operational efficiencies and reporting accuracy
- Develop detailed technical recommendations to solve current and future security issues; identify protection gaps and propose effective mitigating solutions
- Maintain technical design and architecture documents showing security systems, protocols, data flow, and related objects
- Maintain awareness of emerging threats against financial and affiliate verticals to ensure data protection, system integrity, and network availability
- Evaluate, design, implement, and configure new security products and technologies
- Coach and train staff to confidently and correctly use SIEM & Network IDS/IPS
- Develop, review, and maintain documentation for SIEM & Network IDS/IPS
- Provide input to the department strategy on data protection, malware detection, network security, forensics, logging and monitoring, and related functional areas
- Experience with Linux & Windows OS
- A broad knowledge of security technologies, processes, and investigative skills
- Experience with creating and modifying Regular Expressions
- Proficient using Microsoft Office Suite (specifically Word, Excel, and PowerPoint)
- 1 year of SIEM operational experience is required; must have implemented and/or managed QRadar or a comparable SIEM tool; must possess strong technical knowledge of SIEM-related architecture, system rules, etc.
- 1 year of NIDS/NIPS (Symantec and/or McAfee preferred) operational experience, including deployment, event analysis, maintenance, and upgrades
- Strong verbal and written communications skills; must be able to effectively communicate technical details and thoughts in non-technical/general terminology to various levels of management
- Work well in team environments with internal and external resources as well as work independently on tasks
- Excellent organizational, multi-tasking, and time management skills
- Off-hour flexibility for supporting system upgrades and outages after hours
- A Bachelor's Degree in Computer Science or Engineering, or equivalent experience
- CISSP, CISA, CEH, OSCP, or other industry recognized security certification(s)
- Scripting experience desired (bash, PowerShell, Python, etc.)
- Experience with RESTful APIs and automation
- Cloud Security experience with AWS and/or Azure