Cybersecurity Analyst

Defensive- Blue Team Mettawa, Illinois


Description

DOT Security Logo

DOT Security’s mission is to improve the security posture of client organizations by providing detection, response, risk management, and compliance services as identified and required. DOT Security will implement processes, technology, and subject matter expert personnel to monitor and respond to client needs in the cybersecurity and compliance space. Working with client organizations, DOT Security will continuously measure and improve internal processes and technology, which will translate to improved services provided to the client.

DOT Security is seeking team members who are passionate about Cybersecurity, detailed-oriented, desire for continuous learning, and enjoys working in a collaborative environment. We provide our employees with a career progression path, that challenges our team to grow as cybersecurity professionals with strong cybersecurity skills. As a member of Dot Security, you will get the opportunity to work from a brand-new, state of the art Security Operations Center (SOC) facility.

What you will be doing:

As a Core Cybersecurity Analyst, you’ll be on the front lines of defense, working with a highly motivated team that is focused on analyzing, developing, and delivering solutions to stop adversaries.  You will be responsible for diligently working on alerts from various defensive security systems/tools (e.g. IDS alerts, firewall, and network logs) to analyze and determine if the alerts represents a threat.


Responsibilities

  • Monitor and analyze real-time alerts from our SIEM and other security tools to determine possible causes of such alerts.
  • Ability to evaluate and investigate network traffic, read, interpret logs, and packet captures
  • Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
  • Provide timely detection, investigation, identification, and alerting of possible attacks/intrusions, anomalous activities, misuse activities and distinguish these incidents and events from benign activities.
  • Document investigation and analysis actions to effectively communicate information to both internal and external stakeholders
  • Evaluate and escalate events and incidents based on established escalation procedures, playbooks, etc.
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
  • Contribute to projects that enhance the security posture for our customers environment
  • Tune security tools for blocking and reporting based on customers’ business needs
  • Determine tactics, techniques, and procedures (TTPs) for intrusion sets.
  • Investigate phishing emails

Things We Are Looking For
  • Strong critical thinking and problem-solving skills
  • Strong written and verbal communication skills with the ability to effectively communicate to non-technical stakeholders
  • Knowledge of current threats and vulnerabilities
  • System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Experience working and applying Mitre ATT&CK framework
  • Understanding of Traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • Experience with Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, virtual private networks, encryption).
  • Knowledge of encryption algorithms
  • Ability to analyze malware
  • Must be knowledgeable and have hands-on experience with a Security Information and Event Monitoring (SIEM) platforms or log management systems

Education

  • Bachelor's degree in Computer Science, Information Security, Information Technology, or Cybersecurity (college degrees may be substituted for three years of relevant work experience)
  • Master’s degree or four years of relevant work experience

Experience

  • Two or more years of Cybersecurity, or related experience

Certifications

 A Core Cybersecurity Analyst should have at least one of the following certifications:

  • CompTIA Security +
  • CompTIA Cysa+


Benefits


  • 20 days of PTO
  • 12+ paid holidays
  • Flexible Sick Day Policy
  • Paid Maternity & Paternity Leave
  • Comprehensive Health, Disability Life, Dental and Vision Plans
  • 401(K) match & retirement plans
  • Student Loan reimbursement
  • On-going training & development opportunities