
Analyst, Security Operations - US Based Remote (posted 3 days ago)
Quick Summary
Analyst, Security Operations
We are seeking an Analyst, Security Operations, reporting to the Manager of Security Operations. This role is responsible for the management, deployment, and continuous improvement of the tools and processes used by the Cyber Incident Response Team (CIRT).
The successful candidate should be knowledgeable in security incident response, typically with 3–5 years of information security and IT systems experience and a strong focus on incident response. The role requires strong coordination, communication, and collaboration skills, together with a solid technical and architectural understanding. Day-to-day activities include assisting with incident identification and response, conducting cybersecurity research and development, and proactively proposing improvements that reduce risk and strengthen the organization's security posture and its ability to respond to cyber-attacks.
Responsibilities:
- Independently lead computer incident investigations, determining the cause of the security incident and preserving evidence for potential legal action.
- Leverage, implement, and fine-tune Incident Response tools utilized to proactively hunt for indications of compromise.
- Conduct in-depth analysis of cyber threat data, including identifying active security threats, developing new analytic methods, reverse engineering malicious code, and documenting results in reports and presentations.
- Maintain a functional Cyber Incident Response lab designed to safely and accurately aid the team’s ability to analyze threats.
- Back up the Security Operations Manager and serve as Technical IR Commander when needed or by rotation. When acting as IR Commander, lead the response to cyber security threats and incidents, including the collection, analysis, and preservation of digital evidence.
- Develop, document, and execute Incident Handling Guides.
Qualifications:
- Minimum 3–5 years of experience in Information Security.
- Bachelor of Science Degree with a concentration in Computer Science, Information Technology, or equivalent prior work experience in a related field.
- One or more industry certifications (or obtain one within 6 months of hire): CISSP, GCED, CEH, GCIH, GCFA, GCFE, etc.
- Knowledge of Endpoint Detection & Response (EDR) tools (CrowdStrike preferred).
- Knowledge of the Windows Operating System, including Windows Firewall, Registry, Group/Local Policy, and Active Directory.
- Knowledge of Splunk and writing SPL (Search Processing Language).
- Experience in Vulnerability Assessment, IDS/IPS configuration/monitoring, E-Mail security, Firewalls, TCP/IP packet analysis, Log analysis, understanding of IT standards (including the OSI model), and methods of exploiting those standards.
- Knowledge of Information Security products and systems (Forensics toolkits, EDR, IDPS, HIPS, SIEM, etc.).
- Extensive knowledge and understanding of operating system internals, network security architecture, and protocol analysis.
- Knowledge of networking protocols and authentication methods.
- Proficient in at least one scripting or object-oriented language, such as Perl, Python, Visual Basic, PowerShell, or C++.
- Proficient in at least one means of transactional data processing or data manipulation, such as Transact-SQL, MySQL, Oracle, grep, regular expressions, or SPL.
- Familiar with the most common web technologies, such as HTML, XML, PHP, Java, and .NET.
- Familiar with current penetration testing techniques and tools, such as Kali Linux, pass-the-hash, hashcat, and Metasploit.
- Understanding of incident response methodologies and technologies.
- Understanding of the life cycle of network threats, attacks, attack vectors, and methods of exploitation.
- Strong analytical skills, creative thinking, and knowledge of security operations.
- Willing to participate in on-call rotation for emergency cyber security situations.
- Strong communication skills, including experience in authoring and editing technical reports and collaborating with technical analysts.
