The security analyst will perform SOC operations to include incident monitoring, response and reporting, following the company incident response procedures.
- Ensuring that the company’s digital assets are protected from unauthorized access. This includes monitoring security access and performing entitlement reviews.
- Performing penetration tests and vulnerability scans to ensure the company’s digital assets are secure. This includes performing regular maintenance of testing tools.
- Reviewing logs and other correlated data within the SIEM and reporting any deficiencies found. This includes creating and adjusting alerts and reports within the SIEM.
- Generating reports for business managers and engineers.
- Staying current on cyber security trends and news. This includes remaining current with all new vulnerabilities and security risks associated with company hardware, operating system and application software.
- A technical 4-year degree in computer science, computer information systems, or engineering is recommended but substantial experience can be substituted.
- 5 or more years of experience in information security.
- Experience in the area of software development is a plus.
- Exposure to security frameworks: PCI-DSS, COBIT, ISO 27000, NIST SP-800 Series, NIST Cybersecurity Framework.
- Exposure to data privacy regulations: HIPAA, CCPA, EU GDPR.
- Proficiency with using a PC, VPN, MS Office, Atlassian Confluence and Jira, and other business software is required.
- Network protocols, network devices, server operating systems, middleware systems, and secure architectures.
- Cloud-based infrastructure as a service and software as a service.
- Scanning and penetration testing tools that test networks, computers, web-based applications, and other systems to detect vulnerabilities.
- Security information and event management (SIEM) systems and centralized logging systems.
- Knowledge of intrusion detection and prevention systems.
- Use of Minimum Baseline Standards and Configuration Management.
- Knowledge of virus and malware behavior, and response methodologies.
- Understanding of patch management with the ability to work with DevOps and Engineering teams to deploy patches in a timely manner while understanding business impact.
- Hands-on experience with common security tools and security distributions.
- The most successful analysts are detail-oriented and have an analytical mindset. Analysts also are self-motivated and possess business acumen to determine priorities and solutions.
- Strong interpersonal skills are needed to be successful. Analysts work with company staff on better security protocols and regularly communicate with engineers, developers, management and executive leadership.