Cyber Security Analyst

at  Bridgehead IT

Position Summary:
Cyber security analysts are responsible for managing, monitoring, troubleshooting, and protecting the security of the internal environment and that of our customers in real time. The Cyber Security Analyst is tasked with providing technical expertise in all areas of network, system, and application security. In this position the Cyber Security Analyst must effectively correlate and analyze security events within the context of a client’s unique environment to proactively detect threats and mitigate attacks before they occur. This role will respond to events according to documented procedures and industry best practices. The responsibilities for this position must extend to leading multiple security incident investigations at once. The Analyst must report all possible security incidents, potential breaches, attacks, threats, and evidence of compromise.

EDUCATION AND EXPERIENCE:

• Bachelor’s degree in Computer Science, Information Systems, or equivalent education or work experience.
• Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
• Hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, FPC), and other attack artifacts in support of incident investigations.
• Experience with vulnerability scanning solutions.
• Proficiency with any of the following: Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics, and RSA Security
• In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Azure Sentinel, Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk, etc)
• Experience developing and deploying signatures (e.g. YARA, Snort, Suricata, HIPS)
• Understanding of mobile technology and OS (i.e. Android, iOS, Windows), VMware technology, and Unix and basic Unix commands.
• Experience with Office 365 and Azure with a heavy focus in security-based functions and best practices.

Skills and Qualifications:

• Ability to work independently and with a team.
• Ability to Write detailed, concise, and accurate reports.
• Working knowledge of cybersecurity monitoring tools
• Working knowledge of security incident and event monitoring (SIEM)
• Working knowledge of end-point security tools
• Incident response and investigations experience.
• Vulnerability assessments and conducting relevant incident response

• Perform initial analysis of security events and network traffic.
• Safeguards information system assets by identifying and solving potential and actual security problems.
• Protects systems by implementing defined access privileges, control structures, and resources.
• Completing written reports in compliance with current reporting procedures and policies.
• Ability to interact with and lead discussions with business executives across different functions and lines of business.
• Effectively communicates investigative findings to non-technical audiences.
• Incident response and conducting investigations as events happen through analyzing logs from various sources.
• Ensuring the security technology provided by the organization is performing to optimal standards with customers.
• Gain knowledge of existing policies, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of data.
• Maintain an awareness of industry challenges and advancements to add value to existing technologies and processes used within the team.
• Maintain knowledge of industry trends and current security practices by attending educational workshops and reviewing relevant publications on a regular basis.
• Effectively apply information security theories and concepts to specific circumstances.
• Recognizes problems by identifying abnormalities/reporting violations.
• Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
• Determines security violations and inefficiencies by assisting with periodic audits.
• Upgrades systems by implementing and maintaining security controls.
• Keeps users informed by preparing performance reports and communicating system status.
• Maintains quality service by following organization standards.
• Assists with incident response and remediation.
• Effectively track time spent and keep accurate notes for work performed.
• Performs other related duties as assigned.

Skills and Qualifications:

• Ability to work independently and with a team.
• Ability to Write detailed, concise, and accurate reports.
• Working knowledge of cybersecurity monitoring tools
• Working knowledge of security incident and event monitoring (SIEM)
• Working knowledge of end-point security tools
• Incident response and investigations experience.
• Vulnerability assessments and conducting relevant incident response.