Senior Cyber Security Analyst

Company Details

Engineering Better Outcomes

Job Designation

The role of the Senior Cyber Detection and Response Analyst is to act as lead incident responder and analyst for cyber security incidents, and to manage the key Detection and Response Team (DART) technologies, such as the SIEM, SOAR, and NGAV/EDR tools. The Senior Cyber Detection and Response Analyst is expected to be involved in the full incident response lifecycle: preparing for cyber security incidents, detecting, managing and resolving ongoing incidents, and finally reporting on those incidents and identifying improvements and lessons learned.

Job Core Responsibilities

  • Identify and manage cyber security incidents following ITG procedures based on NIST frameworks.
  • Record and report on cyber security incidents, including recommendations for improvements to both ITG technologies and procedures to prevent recurrence.
  • Manage and administer key DART tools (SIEM, SOAR, NGAV/EDR) in co-ordination with third parties and other teams and team members, ensuring monitoring commitments are met.
  • Keep up to date on the evolving cyber security threat landscape and ensure ITG technologies and procedures are capable of detecting and preventing relevant threats.
  • Act as an escalation point, leader and mentor for other members of the DART.
  • Identify and implement improvements to cyber security tools and alert sources to improve detection of attacks and reduce false positives.
  • Offer guidance to other teams on security best practices and configuration changes to improve security of ITG technologies.

Job Specifications

  • Industry-recognized information security certification(s), such as GIAC or CompTIA Security+/CySA+, preferred.
  • Relevant certifications in technologies such as Splunk, Phantom, and Carbon Black are useful.
  • 4+ years of experience in information security operations and incident response.

Skills:

  • Ability to understand and follow specific instructions and procedures
  • Ability to research and analyze data effectively
  • Ability to gather data, to compile information, and prepare reports
  • Strong verbal and written communication skills
  • Ability to influence stakeholders
  • Well-organized, detail-oriented, and ability to multi-task
  • Ability to work independently and prioritize duties with minimal supervision, in order to meet deadlines
  • Decision making skills
  • Strong computer skills, including proficiency with Microsoft Word, Excel, PowerPoint, Access, Outlook, and web browsers
  • Intermediate level knowledge of PC software applications and strong understanding of PC operating systems
  • Required knowledge of communication and connectivity systems: Microsoft TCP/IP, networking protocols, network printing and printer troubleshooting, file sharing, and Internet application connectivity
  • Knowledge of Microsoft technologies, including SQL Server 2008 or newer
  • Knowledge of Windows Server components including the registry, file systems, services, and system management tools
  • Extensive knowledge of information and cyber security incident response procedures and frameworks (especially NIST frameworks).
  • Good understanding of TCP/IP networking and other networking protocols.
  • Good working knowledge of scripting languages such as Python and PowerShell, with experience writing scripts in them.
  • Experience working with Splunk and/or other SIEM technologies
  • Experience with Splunk administrative tasks such as data onboarding and platform configuration is preferred.
  • Experience working with Splunk Phantom and/or other SOAR technologies is preferred.
  • Experience working with Carbon Black and/or other NGAV/EDR technologies.
  • Good understanding of email security protocols and email analysis.
  • Good understanding of other security technologies, such as firewalls, IDS/IPS, email security gateways, and an ability to work with and analyze logs from these technologies.
  • Experience working with a Microsoft Active Directory (AD) and Windows environment, and an ability to analyze and investigate Windows and AD logs.
  • Experience working with Linux/Unix based systems and logs.

Tagged as: python, siem, powershell, soar, ngav/edr
