Security Analyst (Tier 2)
GDH

Austin, Texas

Posted in IT


This job has expired.

Job Info



The Tier 2 Security Operation Center (SOC) Analysts have experience in using SIEM technologies to support in-depth investigations and threat hunting activities. Experience with Devo, Splunk, Azure Sentinel or other SIEM technology is required. An understanding of ticket workflow and handling is also required.


Tier 2 SOC Analysts are also responsible for researching, responding to, and creating tickets within the ticketing system.

Tier 2 Analysts are responsible for:

· Determining service impact of security events.

· Alerting customers to possible malicious activity.

· Working tickets via ticketing system.

· Creating tickets for various needs of the SOC.

· Research and data collection of events of interest.

· Engaging support of Tier 3 Analysts, Network Operations Center (NOC), Network Engineers and/or the CSIRT (Computer Security Incident Response Team) when necessary.

Responsibilities

· Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.

· Receive and analyze security alerts from various sources within the enterprise and determine possible causes of such alerts.

· Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.

· Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings).

· Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.

· Assist in developing cybersecurity recommendations for Tier 3 based on significant threats and vulnerabilities.

· Work security tickets within established SLAs; escalate to the customer or Tier 3, establish false positives, or contact the customer as needed.

· Provide guidance and mentorship to other SOC personnel.

· Contribute to the creation of process documentation and training materials.

Candidate Requirements

Candidates should have strong communication skills, both written and verbal, and be comfortable communicating with teammates, customer technical personnel, and AT&T Leads and Managers.

The preferred candidate is REQUIRED to have:

· Three (3) to five (5) years of Security Incident Response, Security Operations Center, and/or threat analysis experience.

· Demonstrated experience using enterprise and/or cloud SIEM technologies as an analyst.

· Ability to support and work across multiple customer and bespoke systems.

· Must be able to pass a CJIS background check process and other background checks to comply with customers contracts.

· Strong documentation (SOP/Standard Operating Procedure) development skills.

· Understanding of Ticket Flow.

· Strong troubleshooting skills.

· Understanding of how to read inbound and outbound traffic.

· Complete basic safety and security training to meet the customer requirements.

· Ability to work a rotating shift and on-call schedule as required.

· CompTIA Security + certification (equivalent or higher)

Candidate Preferred Requirements

Holding one or more of the following industry certifications is a plus.

· Certified Ethical Hacker (CEH) or equivalent

· Certified Incident Handler (GCIH or ECIH)

· Splunk Power User Certification

· Other Certs - such as CompTIA Networking+, any Cloud Certifications, Devo, Splunk, Azure Sentinel

Qualifying Experience and Attributes

· Experience with one or more SIEMs: Devo, McAfee ESM, Splunk, Azure Sentinel, QRadar, ArcSight, etc.

· Able to use the internet to do research on events of interest.

· Familiar with the cyber kill chain.

· Familiar with MITRE ATT&CK and MITRE D3FEND.

· Familiar with common cybersecurity frameworks, regulations, and compliance standards

· Working knowledge of cybersecurity and privacy principles.

· Working knowledge of cyber threats and vulnerabilities.

· Working knowledge of Intrusion Response in the form of day-to-day network traffic analysis and threat assessment/impact analysis.

· Familiarity with encryption algorithms, cryptography, and cryptographic key management concepts.

· Knowledge of host/network access control mechanisms (e.g., access control lists, capability lists).

· Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).

· Knowledge of incident response and handling methodologies.

· Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).

· Knowledge of TCP/IP - addressing, routing protocols, and transport protocols (UDP and TCP), Dynamic Host Configuration, Domain Name System (DNS), and directory services.

· Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).

· Knowledge of escalation, incident management and change management processes and procedures of a SOC.

· Ability to interpret the information collected by network tools (e.g., Nslookup, Ping, and Traceroute).

· Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

· Familiarity with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

· Proficient in performance of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).


· Please ensure your candidates are willing to work a rotating schedule. The candidate would be expected to work a rotation that changes every 3 months (day shift 8AM-5PM CST, mid shift 4PM-1AM CST, night shift 12AM-9AM CST). The particular schedule the candidate will begin working will be based on shift needs. This position requires a CJIS clearance.

8AM-5PM, CST (Day Shift)

4PM-1AM, CST (Mid Shift)

12AM-9AM, CST (Night Shift)

Resume Deadline- Monday, September 26 (12PM CST)

Resume Review- Tuesday - Wednesday, September 27 - 28

Schedule Interviews- Thursday morning, October 6th

Conduct 3, one-hour interviews / provide pass feedback- Friday, October 7 (11 - 2PM, CST)
