Security Analyst II

About the Position:

Investigate and remediate escalated incidents, identify affected systems, mitigate active threats, leverage threat intelligence to set threat hunting priorities, manage and improve detection and response technology and processes, create and maintain relevant documentation and reporting, and mentor junior security analysts.

What you do daily:

• Collaborative issue/remediation on a broad set of IT related issues: Cybersecurity risks, regulatory, data protection, user access, various controls, etc.
• Perform reviews of related IT Compliance documentation, procedures and controls, including creating work papers and making recommendations for remediation.
• Respond to security events, validate and investigate escalated incidents, perform mitigation and recovery operations.
• Fine-tune, optimize, and support existing security tools used for security monitoring, detection of events, incident response efforts, and security awareness training. For example, SIEM, EDR, CASB, DLP, etc.
• Create and maintain incident response documentation, incident investigation records, root cause analysis documentation, internal knowledgebase, and runbooks.
• Conduct quantifiable threat and risk analysis and provide viable solutions.
• Participate in blue/purple team exercises, design and conduct DR/BCP/IR tabletop exercises, update process documentation based on lessons learned

What makes you a good fit: (Qualifications)

• A computer science related baccalaureate degree from an accredited college, or equivalent experience
• Minimum of 5 - 8 years’ experience in security in an enterprise environment.
• Experience with vulnerability scanning applications, log management and alerting platforms, and packet analyzers.
• Experience with network segmentation and/or security zones for applicable data protection according to data classification.
• Willing to share knowledge with co-workers and to assist them in understanding technical and business topics.
• Working knowledge of information systems security standards and practices (e.g., access control, system hardening, system auditing, log file monitoring, security policies, and incident handling).
• Experience with detection and response tools including Network Behavior Anomaly Detection, Data Loss Prevention, Email Gateway services, Sandboxing, DDoS Mitigation, WAF, Forward/Reverse Proxies, DNS Security, etc.
• Demonstrated experience of “hands-on” security knowledge of one or more of the following platforms: Windows, Apple IOS, Linux.
• Working knowledge of networking protocols, web technologies, and cloud computing.
• Ability to interpret information security data and processes to identify potential Indicators of Compromise (IoC).
• Ability to quickly understand complicated data flows in order to identify and validate security requirements.
• A team player with a willingness to establish a strong positive working relationship with all areas of the business.
• Ability to work effectively, independent of assistance or supervision.
• Ability to clearly communicate Information Security matters to executives, auditors, end-users, and engineers using appropriate language, examples, and tone.
• One or more of the following advanced professional security certifications: Network+, Security+, CCNA, GSEC, CRISC, CISSP (or requisite experience to attain within 12 months)

Preferred Qualifications

• One or more professional advanced offensive or detection and response certifications such as OSCP, GCIH, GCDA, GCIA, GCFE (or equivalent work experience).
• Experience with wired and wireless network-based passive and active controls like IDS and IPS.
• Familiarity with ITILv2/v3 processes such as Service Support, Service Delivery, or Continual Service Improvement.
• Familiarity with Regulatory Compliance and industry standards and frameworks such as ISO27k, SSAE18 SOC 2, and PCI.