Our client is a billion-dollar start-up unicorn that focuses on Business Continuity and Disaster Recovery solutions. Since it was established in 2007, it has grown to about 5,000 employees in more than 22 offices around the world.
They are currently looking for an Intrusion Monitoring Analyst to enhance their existing security event monitoring practices as an essential member of the security operations program. The Intrusion Monitoring Analyst will partner with engineering teams to advance intrusion monitoring visibility, workflows, and program capabilities. The role reports to the head of security operations. This is a hands-on, technical, individual-contributor role that works with a variety of tools to protect the enterprise and offers both monitoring and engineering experience. You are an ideal candidate if you have experience in intrusion monitoring and incident response and want to improve a program, gain security engineering experience, and perform incident response in a large-scale environment.
Does This Describe You:
You are a self-motivated strategic thinker, passionate about intrusion analysis, and devoted to learning everything you can about how attackers compromise companies and how to detect them.
A Look Inside the Job:
Perform the intrusion analysis and daily monitoring responsibilities of a security operations analyst
Research, create, test, and tune custom correlation rules across a variety of security controls
Provide support to security engineering projects of varying size and technical complexity to enhance the intrusion monitoring posture
Establish processes and documentation that support the achievement of compliance programs
Create, maintain and execute incident response playbooks
Manage workflow automation, threat intelligence, and case management life cycles
Stay up-to-date with news and trends in information security including new vulnerabilities, methodologies, and products
What You Bring:
Bachelor's degree in computer science, information technology, management information systems, or equivalent work experience
1-3 years of experience in a security event analysis, intrusion monitoring, or incident response role
Direct, hands-on working knowledge of a variety of security technologies, including UTM (unified threat management), NGAV (next-generation antivirus), SIEM, IDS/IPS, EDR, DLP, CTI (cyber threat intelligence), UEBA, and SOAR
Solid understanding of network protocols, architecture, and network analysis techniques
Solid understanding of correlating host-based logs and/or telemetry
Solid understanding of kill chain analysis and identifying anomalous behavior
Experience using commercial and open source threat intelligence resources
Experience analyzing Linux systems and environments for malicious activity
Familiarity with the CIS Critical Security Controls (formerly the SANS 20 Critical Controls), OWASP Top 10, Lockheed Martin Cyber Kill Chain, MITRE ATT&CK, and other frameworks
Relevant security certification such as GCIA, GNFA, GCIH, GCFE, etc.
Relevant systems certification such as MCSA, MCSE, RHCSA, or LPIC
Experience with scripting and system automation (Bash, Python, Perl, Awk, etc.)
Experience with disk/memory forensics and/or malware reverse engineering