The Security Operations Analyst will be part of the Network Security Operations Center team. Primary emphasis will be placed on daily monitoring and review of network, system, and application events to identify potential security incidents.
The Security Analyst will be required to:
· Analyze potential intrusions, threats, and vulnerabilities of system infrastructure and data
· Look for security breaches and follow established protocols to determine severity
· Perform preliminary log collection and identify incidents to determine root cause, severity, and escalation procedures
· Preserve evidence for further investigation and possible legal action
· Follow procedures to execute security incident response
· Work closely with other technical teams to identify and escalate procedures to counteract potential threats/vulnerabilities
· Appropriately inform and advise team leads and managers on incidents and prevention
· Document and conform to processes related to security monitoring
· Participate in knowledge sharing with other analysts, and develop solutions efficiently
· This is a 24x7 operation requiring analysts to work rotating shifts
· Limited local travel possible
· Has achieved one or more of the following security certifications: Security+, GSEC, CEH, ECSA, SSCP, CISSP, CCNA-Security
· Analysts will be required to progressively achieve additional certifications as they learn and grow with the team.
· Bachelor's Degree in Computer Science, Information Security, or Technical School Certification and/or equivalent training and work experience
· 1-4 years of Security Operations Center (SOC) experience, working with cybersecurity, system/data vulnerability, intrusion detection, access and authorization, firewalls, encryption, protocols, and threat protection
· Strong analytical and problem solving skills, with the ability to manage multiple tasks.
· Basic knowledge of Information Security technologies: NIDS/IPS, HIDS, WAF, firewalls, content filtering, vulnerability management, incident response
· Experience with Unix/Linux operating systems, working with network and server monitoring
· Must have strong verbal and written communication skills
· Willingness to teach others and impart knowledge
· Experience with Security Information and Event Management (SIEM) tools: QRadar, Splunk, ArcSight, AlienVault, SolarWinds, LogRhythm's Security Intelligence Platform. McAfee is preferred.
· Training or working knowledge of networking protocols and technologies: TCP/IP, firewalls, routers
· Understanding of the technical aspects of Information Security, including firewall protection, log monitoring, and event management
· Experience with vulnerability scanners: Rapid7 InsightVM, Nexpose, Metasploit, Qualys, and Retina. Tenable Nessus Security Center is preferred.
· Programming and scripting skills: Perl, Shell/Bash, Python
· Understanding of Linux networking and the operating system from an InfoSec risk perspective
· Telecom industry experience is preferred
· Ability to work in a dynamic environment
· Strong organizational skills, attention to detail and the ability to handle multiple tasks simultaneously while maintaining high standards