Security Operations Analyst

IT & Production Overland Park, Kansas


Join Informa/Penton at an exciting time. In November 2016 Informa acquired Penton Information Services, a US-based company, adding just over 1,000 new colleagues to Informa. Globally, Informa now has over 150 offices in more than 43 countries and employs 7,500 staff around the world. www.informa.com and www.penton.com

The Security Operations Analyst actively seeks indicators of compromise that conventional information security processes cannot find and tracks threats and campaigns aimed at the company. They collate data, metrics and reports from across the IT environment and apply intelligent triage to alerts to support remediation or escalation as required.

Key Responsibilities:

  • Responds to computer security incidents per the computer security incident response policy
  • Identifies security threats and performs analysis of reported anomalies on Informa networks and systems
  • Initiates escalation procedures as required
  • Monitors information security alerts using the managed SIEM/SOC and escalates issues as needed
  • Operationalizes actionable intelligence reports from available internal and external sources
  • Coordinates the initial workflow and response for varying case types with internal and external teams
  • Collaborates with operations support staff to ensure they are actively engaged in potential security threats and concerns
  • Provides guidance to first responders for handling information security incidents
  • Coordinates efforts among multiple business units during response efforts
  • Provides timely and relevant updates to appropriate stakeholders and decision makers
  • Provides investigation findings to relevant business units to help improve information security posture
  • Validates and maintains incident response plans and processes to address potential threats
  • Compiles and analyzes data for management reporting and metrics
  • Monitors information security related websites to stay up to date on current attacks and trends
  • Analyzes the potential impact of new threats and communicates risks to relevant business units
  • Actively seeks to uncover indicators of compromise for which monitoring capabilities do not yet exist
  • Collects and aggregates information from a wide variety of sources and formats it for relevance to the organization's environment
  • Creates hypotheses for analytics and testing of threat data
  • Maintains and enhances the documentation standard for discoveries and reporting of malicious tactics, techniques and procedures

Experience:

  • BS in Computer Science, Information Security, or a related field
  • CompTIA Security+
  • CEH
  • OSCP (Preferred)
  • Full understanding of TCP/IP
  • Full understanding of DNS
  • Full understanding of DHCP
  • Experience with IDS/IPS, Splunk, ELK Stack, Amazon Elasticsearch
  • General knowledge of Active Directory Architecture
  • 3 years of experience in information security, especially in an incident response role
  • 3 years of experience with regulatory compliance and information security management frameworks (e.g., ISO 27000, COBIT, NIST 800, etc.)
  • 3 years of experience in an Enterprise working environment
  • Knowledge of ITIL principles
  • 3 years of experience with vulnerability management and penetration testing tools (Nessus Pro, OpenVAS, Kali Linux, HackerTarget, Burp Suite)
  • Deep understanding of attack vectors
  • Optional: RHCE

Skills & Abilities:

  • Highest level of technical expertise in information security, including deep familiarity with relevant penetration and vulnerability scanning techniques and tools for the discovery of attack vectors
  • Excellent investigative skills, insatiable curiosity and innate drive to win
  • Instinctive and creative with the ability to think like the enemy
  • Strong problem solving and troubleshooting skills
  • Deep knowledge of hacker culture
  • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
  • An understanding of organizational mission, values, and goals and consistent application of this knowledge
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • An ability to effectively influence others to modify their opinions, plans, or behaviors
  • An ability to work extremely well under pressure while maintaining a professional image and approach
  • An ability to perform independent analysis of complex problems and distill relevant findings and root causes
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
  • A team-focused mentality with the proven ability to work effectively with diverse stakeholders
  • An ability to work alone without direct supervision and prioritize workload effectively

If you are interested in joining our dynamic organization, we would enjoy speaking with you about the opportunities available to join our team. EOE