Security Tier 2
Ref No.: 18-05324
Location: RTP, North Carolina
Segment: Commercial
JPAS: NO
The Information Security Analyst is adept with information security alerting, threat trends, security event telemetry, intrusion analysis, malware, and anomalous behavior. The analyst reviews security alerts and correlates telemetry to discern whether the traffic is malicious and actionable, then quickly resolves alerts through escalation to investigator or suppression as false positives. The analyst directs his work according to the Client Operations Playbook, and hunts through large volumes of alerts and telemetry to find security breaches. The analyst constrains his investigation to a brief review, escalating cases requiring more detailed investigation and suppressing the rest. The analyst works in an assigned shift, and is required to be present physically and via secure messaging such as IRC and Cisco Jabber; constant interaction with the SOC staff is required.

Duties:

Align security alert review and hunting to prescribed Client Ops Playbook
Conduct limited investigations into security breaches at customer sites using high-fidelity alerts and tools within customer environment, Cisco, and online.
Review alerts generated by security detection tools, correlate with device logs, packet capture, and all forms of telemetry; interpret data
Maintain up-to-date information in alert handling tools
Where customer SLA governs timing, the analyst must work within the timing bounds to acknowledge and resolve alerts
Vigilantly protect customer data, ensuring proper handling and protection electronically, physically, and verbally
Work in assigned shift; ensure shift is covered personally or attended by an alternate

Technical Skills:

Detailed understanding of TCP/IP
Understanding of Windows and Unix operating systems
Experience scripting in shell, perl, or Python
Understanding of the typical attack chain
Understanding of common malware
Understanding of the common technologies found in enterprise IT environments including datacenter and Internet edge technologies
Sourcefire Certified Professional (SFCP)

Desired Qualifications and Skills:

BA/BS degree with 2-4 years of IT or security experience
GCIA or GCIH certification
SOC experience
Sourcefire Certified Expert (SFCE)
Experience with Snort or other intrusion detection tools
Experience with anomaly detection, full-packet capture
Experience with ElasticSearch, NetFlow, Silk, Solera, and OpenSOC components

Additional Skills:

Strong teamwork
Self-discipline to work according to playbook and time requirements