Posting ID: JP-002663139
GENERAL SUMMARY: The Cyber Security Analyst is responsible for contributing to the day-to-day functions within cyber security operations. As a member of the Cyber Threat Monitoring team, the incumbent is responsible for coordinating a continuous hunt across a global network, leveraging enterprise-wide capabilities to search for indicators of compromise. Additionally, the candidate would enrich existing cyber intelligence by conducting analysis of malicious code (such as binaries, weaponized PDFs, etc.) and malicious emails, and by performing open source intelligence analysis. The incumbent will also perform cyber threat intelligence review, assessing and tracking potential cyber threats commonly associated with attempted intrusions, network and host-based attacks (external and internal), product vulnerabilities, etc., and coordinate incident response and remediation efforts.

ESSENTIAL DUTIES:
Conduct network, endpoint, and log analysis by utilizing various consoles on a regular basis (e.g., SIEM, IPS, firewall, etc.).
Conduct cursory and in-depth computer forensic investigations to reconstruct events, identify unknown intrusions through use of indicators of compromise, and identify and track any internal lateral movement.
Track cyber threat actors/campaigns based on technical analysis and open source intelligence.
Conduct analysis of malicious code and weaponized documents through behavioral analysis or reverse engineering.
Research and track new exploits and cyber threats.
Interact with the security community to obtain technical threat intelligence.
Provide creative and innovative solutions and serve as a thought leader.
Candidate is expected to work closely with team members, management, and other IT teams (Workstation, Network, Server, etc.).
Candidate is expected to participate in a 24x7 off-hours support rotation.
Candidate is expected to be able to perform network, application, and log intrusion detection.
Participation in security incident handling efforts in response to a detected incident.
Candidate is expected to maintain awareness of trends in security regulatory, technology, and operational requirements.

STANDARD QUALIFICATIONS:
Bachelor's Degree or a combination of education plus equivalent work experience.
3 years or more experience in a corporate IT environment, or 1 year dedicated SOC experience in addition to a degree with direct background or exposure to cyber security.

Other Qualifications:
Strong analytical and problem-solving skills.
Hands-on experience with network traffic analysis tools (e.g., tcpdump, Wireshark).
Experience leveraging at least one enterprise SIEM platform.
Strong understanding of malware attack vectors and phishing methods; strong understanding of APT attacks and methods.
Knowledge and understanding of static and dynamic malware analysis and reverse engineering.
Knowledge and understanding of sandboxing for malware analysis.
Usage of open source intelligence to analyze files/URLs/IPs.
Basic knowledge and understanding of NetFlow.
Experience in researching and investigating exploits and system vulnerabilities.
Knowledge and understanding of security tools: firewalls, web filter, email filter, IDS/IPS, etc.
Demonstrated capability to work with little management oversight; must have strong personal initiative.
Strong knowledge of the Microsoft Windows platform as it pertains to forensic investigation: Event Logs, Windows Registry, Prefetch, Volume Shadow Copy, etc.
Experience with Linux/Unix systems and basic scripting preferred.
Knowledge of network forensics, network traffic analysis, and PCAP analysis.
Information Security certifications preferred: CISSP, GIAC/SANS certifications.
Ability to pick up new technology or concepts very quickly.
Top Skills Details:
Information security, SOC, incident response, vulnerability management, scripting
Additional Skills & Qualifications:
1. Experience with any of their tools would be preferred (MS Sentinel, Cylance, Checkpoint, Ironport, Cisco Umbrella - filtering, Duo - MFA, Varonis, Armis). Particularly MS Sentinel and Ironport would be nice.
2. Scripting / automation experience would be nice to have.
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.
The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
Recruiter: Jean Chambers
Phone: (410) 579-3072