Senior Security Operations Analyst
About Us:
Newfold Digital (with over $1b in revenue) is a leading web technology company serving nearly seven million customers globally. Established in 2021 through the combination of leading web services providers Endurance Web Presence and Web.com Group, our portfolio of brands includes: Bluehost, Crazy Domains, HostGator, Network Solutions, Register.com, Web.com and many others. We help customers of all sizes build a digital presence that delivers results. With our extensive product offerings and personalized support, we take pride in collaborating with our customers to serve their online presence needs.
Job Summary
Security Operations Analyst is responsible for day-to-day security threat monitoring and analysis. The Security Operations Analyst manages security incidents and reviews security alerts for compliance and will work with senior analysts on known or suspected security threats. Security Operations Analyst will work on threat intelligence, forensics and incident response that adhere to best practices and recognized control frameworks. Security Operations Analysts are expected to work shifts and be assigned to on-call duties, as necessary, to support the global enterprise.
Advanced professional role requiring high skill with extensive proficiency. Works independently with only administrative supervision and the ability to overcome major obstacles and recognize early when issues should be escalated, or a senior peer needs to be consulted. Wide latitude for independent judgment and is expected to provide guidance and cross training to others. Effectively communicates with all levels of technical and non-technical personnel. Consults with senior peers on moderate to complex processes to learn through experience. Typically requires a minimum of 5 - 7 years of experience in security-related fields or related disciplines.
What you’ll do?
General Duties and Responsibilities

Security Operations Analyst duties and responsibilities include:

• Take actions to identify, assess, and contain threats to enterprise systems, infrastructure, and business applications.
• Manage and support the log collection, security scanning, intrusion detection, content filtering, and other security-related systems.
• Review and triage information security alerts, provide analysis, determine, and track remediation, and escalate as appropriate.
• Provide support for the log management and security information and event management (SIEM) solutions.
• Ensure authorized access by investigating improper access, revoking access, reporting violations, and monitoring information requests.
• Detect and respond to malicious behavior on public cloud, workstations, and server environments, and distributed networks.
• Optimize threat detection and alerting for data loss prevention (DLP), email protection solutions, endpoint detection and response (EDR) and threat hunting solutions, cloud and workload security products, intrusion prevention/detection systems, firewalls, and other industry standard security technologies.
• Proactively hunts for threats within complex and distributed networks across the enterprise.
• Write, update, and maintain detection signatures and signals, tune systems/tools to optimize detections, and develop automation scripts and correlation rules.
• Maintain knowledge of adversary tactics, techniques, and procedures (TTP) and available threat intelligence to develop and implement detection and mitigation strategies.
• Conduct forensic analysis and review on systems and engage with third-party resources as required.

Educational and Certification Requirements
A degree in Cybersecurity, Information Technology, Computer Science, or related field is desirable.
Industry recognized certifications are a plus. Certifications may include: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CEH (Certified Ethical Hacker), CompTIA Security+, certifications issued by the SANS Institute, etc.
Certifications issued by public cloud providers (AWS, Azure, Google, Oracle, etc.) is a plus.
General Knowledge, Skills, and Abilities

As well as formal qualifications, a Security Operations Analyst should possess:

• Experience in forensics, malware analysis, threat intelligence.
• Ability to understand, modify and create threat detection rules within a SIEM.
• Understanding of log collection and aggregation techniques such as Elasticsearch, Logstash, Kibana (ELK), syslog-NG, Windows Event Forwarding (WEF), etc.
• Knowledge and experience with both Windows and Linux operating systems.
• Experience using Python, Perl, PowerShell, or an equivalent scripting language.
• Experience with the MITRE ATT&CK framework tactics and techniques.
• Experience with network forensics and associated toolsets and analysis techniques.
• Experience with host-based detection and prevention solutions.
• Ability to reverse engineer malware is a plus.
• Ability to correlate data from multiple data sources to create a more accurate picture of cyberthreats and vulnerabilities.
• Ability to quickly create and deploy countermeasures or mitigations under pressure.
• Experience with incident response and incident management procedures.
• Build effective relationships. Develop and use collaborative relationships to facilitate the accomplishment of work goals.
• Experience with the PCI-DSS, ISO-27001, and/or SOC II compliance frameworks is a plus.
• Experience implementing and measuring security controls aligned with NIST 800-53 and the Center for Internet Security (CIS) is a plus.
• Project Management skills is a plus.
• Experience with the following technologies is a plus: SentinelOne Singularity Platform, Tanium, Google Chronicle SIEM, Cloudflare L3-L7 security technologies, Atomicorp (ModSec), Tenable.io, Lacework, Recorded Future, ServiceNow, Jira, Microsoft Defender for Endpoints, Microsoft Security and Compliance, Virus Total, SiteLock, Monarx, NGNIX.
• Experience with the native security service solutions for public cloud service providers (AWS, Google, Azure, Oracle) is a plus.

In this era of COVID-19, we believe in putting our employees first and keeping them safe. We were one of the first technology companies to make significant changes to our office environments and team interactions, including mandatory working from home and safety procedures to enter our office space. We are committed to not require any face-to-face interaction for our employees until the data shows it is entirely safe for our teams. Here is just a snippet of

what we think you’ll love:

• Grow together. Our exciting virtual learning & development programs never cease to amaze us.
• Participate in our Expert Speak sessions/E-learning courses to grow professionally & personally.
• Work with creative & innovative teams. We believe in hiring the best of the best and are proud of being surrounded by people who think out of the box to only better our products, work & customer experiences.
• Did someone say free domain? Building a community one domain at a time, one employee at a time.
• All our employees are eligible for a free domain and WordPress blog as we sponsor the domain registration costs.
• Leave your worries aside! Juggling the demands of career and personal life can be stressful and challenging but don’t worry! Our employee’s assistance program services provide free, confidential, short-term counselling. This benefit is also extended to an immediate family member

• Take actions to identify, assess, and contain threats to enterprise systems, infrastructure, and business applications.
• Manage and support the log collection, security scanning, intrusion detection, content filtering, and other security-related systems.
• Review and triage information security alerts, provide analysis, determine, and track remediation, and escalate as appropriate.
• Provide support for the log management and security information and event management (SIEM) solutions.
• Ensure authorized access by investigating improper access, revoking access, reporting violations, and monitoring information requests.
• Detect and respond to malicious behavior on public cloud, workstations, and server environments, and distributed networks.
• Optimize threat detection and alerting for data loss prevention (DLP), email protection solutions, endpoint detection and response (EDR) and threat hunting solutions, cloud and workload security products, intrusion prevention/detection systems, firewalls, and other industry standard security technologies.
• Proactively hunts for threats within complex and distributed networks across the enterprise.
• Write, update, and maintain detection signatures and signals, tune systems/tools to optimize detections, and develop automation scripts and correlation rules.
• Maintain knowledge of adversary tactics, techniques, and procedures (TTP) and available threat intelligence to develop and implement detection and mitigation strategies.
• Conduct forensic analysis and review on systems and engage with third-party resources as required