CW Information Security Analyst
Ref No.: 18-06803
Location: Plano, Texas
Position: Information Security Analyst
Location: Plano, TX
Duration: 6+ Months (W2 ONLY)

POSITION SUMMARY:

What are the key objectives for this resource (project summary)?
The key objectives for the Information Security Engineer position are to expand threat detection and prevention capabilities in existing and future Security tools.
The Engineer must be able to identify gaps in existing security configurations and provide effective recommendations to improve, remediate, and expand controls against cyber threats, including, but not limited to, performing forensic reviews to assist in discovering and mitigating threats and/or suspicious activities.
The Engineer must possess the ability to work independently and to be an agile learner.
This position should expect to liaise with numerous departments within the organization.

What specific Client departments will they interact with?
Information Security, IT, HR, Legal, etc.

How long is this project (please be specific)?
Long Term

Requirements:

Responsibilities include:
· Oversee, manage, and act as the subject matter expert for SIEM, Network IDS/IPS, and other security applications.
· Design, configure, install, and support security technologies as required to support threat mitigation efforts, including but not limited to AV, DDoS, DLP, CASB, SIEM, endpoint technologies, IDS, etc.
· Analyze security events and execute the resulting incident response within the Client Security Operations program.
· Evaluate security application events, threat intelligence feeds, software vendor announcements, and various sources of security monitoring data to gauge risk impact to the company.
· Conduct analysis, troubleshooting, and trending of incidents/events detected from SIEM, IDS/IPS, and other security applications.
· Perform Level 3 triage and handling of security events (escalated from Level 1 & 2 Security Analysts or other); includes but is not limited to identification, containment, remediation, and reporting activities.
· Assess and communicate threat intelligence to reduce risk exposure and to prepare for potential security breach attempts.
· Perform and schedule system/agent upgrades based on vendor support; apply patches, configurations, and hot-fixes as needed to remediate vulnerabilities or risks to the organization
· Perform complex technical analysis of malware samples, unauthorized software, and unusual end user/endpoint/network/mobile activity using industry standard forensics software applications
· Integrate new log sources in SIEM and document event log triage for SOC analysts
· Create custom rules, policies, alerts, etc. within the listed security applications based on stakeholder needs or situational conditions; will also modify existing configurations as needed
· Create new and enhance existing procedures through documentation to improve operational efficiencies and reporting accuracy
· Develop detailed technical recommendations to solve current and future security issues; identify protection gaps and propose effective mitigating solutions
· Maintain technical design and architecture documents showing security systems, protocols, data flow, and related objects
· Maintain awareness of emerging threats against financial and affiliate verticals to ensure data protection, system integrity, and network availability
· Evaluate, design, implement, and configure new security products and technologies
· Coach and train staff to confidently and correctly use SIEM & Network IDS/IPS
· Develop, review, and maintain documentation for SIEM & Network IDS/IPS
· Provide input to the department strategy on data protection, malware detection, network security, forensics, logging and monitoring, and related functional areas

Must Haves:
· Experience with Linux & Windows OS
· A broad knowledge of security technologies, processes, and investigative skills
· Experience with creating and modifying Regular Expressions
· Proficient using Microsoft Office Suite (specifically Word, Excel, & PowerPoint)
· 1 year of SIEM operational experience is required; must have implemented and/or managed QRadar or a comparable SIEM tool (ArcSight or Splunk); must possess strong technical knowledge of SIEM-related architecture, system rules, etc.
· Strong verbal and written communications skills; must be able to effectively communicate technical details and thoughts in non-technical/general terminology to various levels of management.
· Work well in team environments with internal and external resources as well as work independently on tasks.
· Excellent organizational, multi-tasking, and time management skills.
· Off-hour flexibility to support system upgrades and outages after hours.

Preferred / Nice-to-haves:
· A Bachelor's Degree in Computer Science or Engineering or equivalent experience.
· CISSP, CISA, CEH, OSCP, or other industry recognized security certification(s).
· Scripting experience desired (Bash, PowerShell, Python, etc.).
· Experience with RESTful APIs and automation.
· Cloud Security experience with AWS and/or Azure.