Cyber Incident Analyst
Ref No.: 17-04054
Location: Tampa, Florida
Position Type: Contract to hire
Department/Area Function:
The Cyber Security Incident Response Team (CSIRT) is primarily responsible for the preparation, detection and analysis, containment, eradication, recovery, and post-incident activity related to cyber-incidents. Cyber Incident Response combines a series of technical and non-technical components to establish the recommended cyber-incident response, coordination, and resolution actions.
Position Title: Cyber Incident Analyst
Position Summary:
The incumbent will perform cyber-incident detection and analysis activities through the monitoring of security appliances such as SIEM, IDS/IPS, and Data Loss Prevention (DLP). The Cyber Incident Analyst will conduct analysis of cyber alerts, including root cause determination, escalation, and reporting, based on the guidelines provided to them.
Principal Responsibilities:
  • Perform day-to-day monitoring of information security appliances, including reviewing, analyzing, and interpreting cyber-alerts and events from various systems to identify cyber intrusions or data loss.
  • Escalate confirmed suspicious events and/or system compromises for review and follow-on escalation for containment, eradication, and recovery.
  • Monitor services including, but not limited to, SIEM, IDS/IPS, firewalls, cloud environments, and Data Loss Prevention (DLP).
  • Perform analysis of phishing emails and associated malware.
  • Conduct tuning engagements with security engineers to develop and adjust SIEM rules and analyst operating procedures.
  • Create and implement standard operating procedures and processes to streamline investigations, daily monitoring, and analysis research, ensuring all analysts are effective and follow the same guidelines.
  • Keep abreast of emerging cyber threats and vulnerabilities to maintain situational awareness and apply lessons learned to current procedures.
  • Perform content development for new alerting within different tools, including development, testing, and documentation.
  • Apply working knowledge of various security methodologies and processes, and technical security solutions (e.g. firewalls, proxies, and intrusion detection systems).
  • Apply knowledge of TCP/IP protocols, network analysis, and network/security applications.
  • Apply working knowledge of malware analysis using sandbox technologies.
  • Apply working knowledge of analyzing cyber-alerts and events to determine root cause.
Knowledge and Skills Required:
  • Ability to work collaboratively with internal and external departments, vendors, and participants.
  • Outstanding time management and problem-solving skills, attention to detail, and ability to meet deadlines.
  • Excellent written and verbal communication skills.
  • Ability to work independently; self-starter.
Education, Training &/or Certification:
  • 5+ years in Information Security.
  • Minimum 3 years working as an IS Analyst in a SOC environment.
  • Security certification(s) and/or official training, such as GCIH, CSIH, ECSA, CHFI, ECIH, CEH, or similar, required.
Third Party Applications Not Accepted