Position Description:
Senior Security Analysts aid in the monitoring of client intrusion detection devices, web application firewalls and log management devices in an around-the-clock, year-round monitoring operations environment. Senior Security Analysts are responsible for monitoring resources and assigning resources in near real time to address the needs of the operations team to meet SOC goals and SLA’s. Senior Security Analysts have the responsibility of maintaining a thorough understanding of the complete day-to-day process and procedures of the SOC. These individuals have vast technical expertise and wide experience in security operations and security incidents. They have a well-rounded security background and are responsible for day-today operations and escalation procedures which facilitate extensive investigation and analysis of security events and incident escalations within the SOC.
Senior Security Analysts will perform log analysis, conduct initial research using intelligence about various threats, and document whether a discovered event points to a true attack. They will ensure annotation and documentation is provided for any discovery of misconfiguration of a security device, false positive events, events needing additional monitoring attention or research, or a confirmed intrusion. After initial research, Senior Security Analysts will document an event for further analysis, determine the proper priority of the event and explanation of correlated events, and provide documentation to leadership. Throughout the shift, Senior Security Analysts continue researching events, notifying necessary constituents, clients, and other departments and teams, report the events, and perform forensic analysis within business services in conjunction with daily SOC operations.
Successful Senior Security Analysts are able to mentor and lead by example. Senior Security Analysts must also serve as security advocates to the business and clients. Senior Security Analysts need to maintain in-depth information on security incidents as they occur within the business and throughout out the industry to provide the proper investigation, analysis, and protective measures within the organization. This position will include the flexibility of shift rotations to meet the needs of operations.
This job allows for a remote worker!
Due to the nature of the government contracts, this position requires US Citizenship.
Your future duties and responsibilities:
Understand and maintain the appropriate knowledge of tools, security procedures, and services within the SOC.
• Ensure the proper direction, implementation, and understanding of new policies, programs, tools, and procedures are available within the team.
• Ensure the transfer of knowledge between analyst shifts and leadership to provide an understanding of all updates, assignments, training, and SOC procedures.
• Ensure the proper documentation and structure is in place to prioritize and escalate issues in order to be proactive rather than reactive.
• Provide analysts with consistent up-to-date documentation for clients and procedures in an easy-to-access and organized central location.
• Ensure that event analysis and incident reports are documented and quality control is applied to ensure accuracy.
• Assist in developing and maturing the future services and capabilities of the SOC, such as Forensics, Threat Management, Penetration Assessments, Tool Management, and more.
• Identify improvements within processes, procedures, policies, staffing, training, and tools to improve efforts and daily operations.
• Ensure that all procedures and operations are carried out by the responsible parties.
• Responsible for shift activity and daily operations in terms of making sure that the daily shift responsibilities are completed.
• Understand SOC objectives, direction, and procedures.
• Maintain the ability to complete all SOC daily operations and procedures, and ensure the proper escalation and leadership knowledge is provided.
• Ensure the proper documentation of tickets, shift documentation, correspondence, and escalations.
• Understand and maintain the appropriate knowledge of tools, security procedures, and services within the SOC.
• Ensure the proper direction, implementation, and understanding of new policies, programs, tools, and procedures are available within the team.
• Ensure the transfer of knowledge between analyst shifts and leadership to provide an understanding of all updates, assignments, training, and SOC procedures.
• Ensure the proper documentation and structure is in place to prioritize and escalate issues in order to be proactive rather than reactive.
• Provide analysts with consistent up-to-date documentation for clients and procedures in an easy-to-access and organized central location.
• Ensure that event analysis and incident reports are documented and quality control is applied to ensure accuracy.
• Assist in developing and maturing the future services and capabilities of the SOC, such as Forensics, Threat Management, Penetration Assessments, Tool Management, and more.
• Identify improvements within processes, procedures, policies, staffing, training, and tools to improve efforts and daily operations.
• Ensure that all procedures and operations are carried out by the responsible parties.
• Responsible for shift activity and daily operations in terms of making sure that the daily shift responsibilities are completed.
• Understand SOC objectives, direction, and procedures.
• Maintain the ability to complete all SOC daily operations and procedures, and ensure the proper escalation and leadership knowledge is provided.
• Ensure the proper documentation of tickets, shift documentation, correspondence, and escalations.
• Ensure events are handled at detection time according to established procedures.
• Demonstrate excellent communication and client care skills by documenting all activities within our client delivery systems and communicating with client representatives in a timely manner.
• Stay informed of current events in the security industry including the latest exploits and threats as well as preventative measures, remediation, and restoration techniques.
• Ensure that proper pass down is given in terms of the accuracy of the information and the events that took place during shift.
• Act as the escalation point for client requests for information and presence on conference calls where SOC representation is necessary.
• Mentor team members to improve quality and consistency of security information analysis of network traffic.
• Assist analyst investigation and ticket creation efforts. Provide daily monitoring and alerting of events that occur within the near real time environment.
• Ensure the proper mitigations and vulnerability management are recommended and escalated to management.
Accurately and in detail, record pertinent information from the shift in the shift logs to ensure no information gaps occur at shift change.
Required qualifications to be successful in this role:
Graduation with a degree from a recognized university with specialization in Computer Sciences or a related discipline and/or a minimum of three to five (3 – 5) years of directly related practical experience and demonstrated ability to carry out the functions of the job.
• Thirst for knowledge, inquisitive nature, keen interest in being a driver of the SOC expansion
• Experience working in an IT Security Operations Center using SANS methodology
• Experience designing IT security systems and/or experience in security penetration testing
• Experience and extensive knowledge of Security Information Event Management
• Experience in Intrusion Detection or Prevention Systems
• Knowledge of: TCP/IP, computer networking, routing and switching
• Experience in Linux/UNIX and Windows based devices at the System Administrator level
• System log forensics (Syslog, Event Viewer)
• Strong troubleshooting, reasoning and problem solving skills
• Team player, excellent communication skills, good time management
• Organizational skills and the ability to work autonomously with attention to processes
• Ability to speak and communicate effectively with peers, management and clients
• Ability and experience in writing clear and concise technical documentation
• Ability to speak and write fluently in English
• Security certifications: SANS/GIAC (GCIH, GCIA or GCUX), CEH, Sec+, & other similar certifications highly recommended.
DESIRED QUALIFICATIONS
SIEM experience with ArcSight, QRadar, Splunk
• Experience using ticketing systems such as Remedy, LanDesk
• Security +, Network +, CISSP, CEH, GCIA, GCIH, CISM, SPLUNK Training
• Knowledge of: Strong Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) solutions
• Knowledge of NIST, PCI, HIPAA
• Experience mentoring colleagues
Est. Salary/Hourly Range (Colorado Only): $64,000 – 75,000*
#CGIFederalJob
Skills:
- Incident Response
- Network Administration
- Routing/Routers
- Security