IT Cyber Defense Analyst

Experience:


* 2 - 4 years of experience in Security Operation Center (SOC), Cyber Security, and Information Security within an enterprise environment.


* Experience with Windows and Linux, server and application hardening process.


* Experience supporting one or more information security technologies.


* Mandatory experience in Azure, EDR, XDR (Crowdstrike, Windows Defender), SOAR, SIEM Tools (e.g., Splunk, Rapid7, ArcSight, McAfee Nitro), Palo Alto, Cisco and one of the following: IDS/IPS, database activity monitoring, multi-factor authentication, web content filtering, encryption, and encryption key management, DLP, change detection.


* Working knowledge of TCP/IP stack & familiarity with common protocols e.g., HTTP, FTP, SMTP, DNS.


* Familiarity with network and application threats such as DoS/DDoS, SQL injection, XSS, reconnaissance scanning, and methods to avoid detection.


* Working knowledge of compliance, and regulatory requirements, such as Payment Card Industry (PCI), Sarbanes-Oxley (SOX), and Healthcare Information Privacy Protection Act (HIPAA).


* Experience with vulnerability scanning tools such as Nessus, Acunetix, Qualys, or Metasploit a plus.


* Have scripting experience with Bash, PowerShell, or Python and the ability to use these skills to aid in responding to incidents involving Windows, Linux, and Mac hosts.


* Be familiar with the MITRE ATT&CK Framework and/or Cyber Kill Chain.


* InfoSec certification are a plus such as CISSP, CompTIA Security+, GIAC Security Essentials, & CEH


* Have strong oral and written communication skills Strong interpersonal and leadership skills.

Responsibilities:


* Triage security incidents identified by SOC analysts.


* Identify enhancement to rule sets and other tool optimization to automate reporting and reduce false positives in unified SIEM and review with manager / senior team members for implementation.


* Coordinate with SOC manager to escalate security issues to other business units including solutions development, customer hosting and corporate IT.


* Collaborate with business units to prioritize vulnerability remediation and execution of planned activities.


* Subscribe to threat intelligence services and monitor vendor alerts for major vulnerability disclosures.


* Monitoring of advanced security tools, perform analysis of dissimilar indicators, correlation of multiple sources, alert & coordination of security incidents across the environment.


* Review & analyze system logs and third-party management products to preemptively detect, take defined corrective actions and alert process/system owners to new issues.


* Assist with creation and maintenance of security incident response procedures.


* Participate in research and assist implementation of security tools used by SOC team.


* Assist SOC manager with dashboards and business reporting.


* Ready to work in rotational 24/7 shift.