Security Monitoring Analyst

Department: IT
Locations: Plano, Texas; Yarmouth, Maine; Orono, Maine


Description

As a Security Analyst on the Information Security Operations team, you will be tasked with creating a pipeline of security system logs relevant to consistently generating high-quality and actionable threat detections across the company. This will be done in conjunction with a Managed Detection and Response (MDR) vendor who will help monitor our environment on a 24/7 basis.

Responsibilities

  • Contribute to the development and improvement of Security Monitoring processes and tools. This will involve staying abreast of the latest security technologies and trends and recommending improvements to existing security infrastructure.

  • Proactive Threat Monitoring: Monitor network traffic, system logs, and security alerts to identify potential threats and anomalies. This will involve utilizing various security information and event management (SIEM) tools, intrusion detection systems (IDS), and other security monitoring technologies.

  • Develop and refine detection rules and signatures to improve the efficiency and effectiveness of threat detection systems. This will involve staying abreast of the latest threat intelligence and attack techniques.

  • Analyze security events to verify and assess the initial scope, impact, and root cause of security alerts. This will require in-depth knowledge of network protocols, authentication mechanisms, operating systems, and common attack vectors.

  • Identify processes that can be automated and orchestrated to ensure maximum efficiency of operational resources, reducing manual repetitive tasks where possible.

  • Exhibit hands-on experience with security monitoring and incident response tools and technologies, including SIEM platforms, intrusion detection systems, and endpoint detection and response (EDR) solutions.

Qualifications

  • BA/BS in Engineering, Computer Science, Information Security, or Information Systems; related work experience; or proven, demonstrable experience or skills in cybersecurity via Capture the Flag competitions or games, hacking platforms, or home labs.

  • Typically requires 3-5+ years of hands-on experience in a similar security role.

  • Excellent investigative skills with the ability to think like an adversary.

  • Strong problem-solving and troubleshooting skills.

  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.

  • Self-motivated and possessing a high sense of urgency and personal integrity.

  • High ethical standards and values.

  • Able to define and refine operational procedures, workflows, and processes to support the team in consistently executing monitoring and detection with quality.

  • Good understanding and knowledge of common industry cybersecurity frameworks, standards, and methodologies, including but not limited to MITRE ATT&CK, OWASP, the ISO 2700x series, PCI DSS, and NIST standards.

  • Strong communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.

  • Demonstrate proficiency in scripting languages (e.g., Python, PowerShell, Bash) for automating security tasks and analyzing data.

  • Possess a working knowledge of network infrastructure and communication protocols, including TCP/IP, DNS, and HTTP.

  • Experience working with cloud security platforms (e.g., AWS, Azure, GCP) would be highly desired.

  • Relevant cybersecurity certifications (e.g., Security+, GSEC, etc.) are valued.

  • Knowledge of threat intelligence platforms and techniques is beneficial.

  • Will be required to undergo and satisfactorily pass a fingerprint background check in accordance with CJIS requirements.