As a Senior Information Security Operations Analyst, you will lead the strategic development, implementation, and adoption of the overall Information Security Program.
You will lead the investigation and resolution of security events and incidents sourced from log management tools and end-user initiated inquiries and incidents.
An important aspect of your role, is to partner with different business units to identify and assess impacts and risks and to lead the Incident Response and Security Awareness processes commensurate with those impacts and risks.
Essential Functions:
-
Plan and execute incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress, illuminating issues and possible solutions.
-
Monitor system logs, SIEM tools and network traffic for unusual or suspicious activity. Interpret such activity and make recommendations for resolution.
-
Participate in incident response and postmortem exercises, with a focus on creating measurable key performance indicators and reports to show progress, illuminating issues and possible solutions.
-
Perform system security administration on designated technology platforms, including operating systems, applications and network security devices, in accordance with defined policies, standards and procedures of the organization, as we'll as with industry best practices and vendor guidelines.
-
Perform and/or participate in threat assessments, vulnerability management, security awareness training and audits. In some cases, perform appropriate remedial action to ensure that systems are protected from known and potential threats and vulnerabilities.
-
Perform installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems.
-
Cross train team members in the use of security tools, the preparation of security reports and the resolution of security issues.
-
Research, recommend, evaluate and implement security solutions, automation, and documentation, that identify and/or protect against potential threats, and respond to security violations.
Knowledge, Skills, and Abilities :
Knowledge:
-
Strong knowledge of information security principles and operations, including risk assessment and management, threat and vulnerability management, incident response, TTPs (tactics, techniques, and procedures), and identity and access management.
-
In-depth technical knowledge of security-related systems and applications, such as SIEMs, EDRs and MDRs.
-
Strong understanding of network infrastructure, including routers, switches, firewalls, and associated network protocols and concepts.
-
Working technical knowledge of current operating systems, protocols, and standards.
Skills and Abilities:
-
Proficient use and optimization of security information and event management (SIEM) systems, threat intelligence platforms, security automation and orchestration solutions, and other network and system monitoring tools.
-
Ability to develop, document, and maintain security procedures and processes.
-
Excellence in communicating business risk from cybersecurity issues.
-
Demonstrated ability to utilize a range of inventory management, vulnerability scanning solutions and penetration testing systems.
-
Experience working with and optimizing systems and process improvements.
-
Experience driving measurable improvement in monitoring and response capabilities at scale.
-
Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
-
Experience working with security framework
Education and work experience required:
-
bachelors Degree in Computer Science, Management Information Systems, Information Security or a relevant field or equivalent experience
-
5+ years of experience in information security or related field
-
Security+/SANS/CISSP/CISM certification and an ambition to pursue additional relevant security certifications
