Our client is seeking an experienced and exceptional IT Security professional to work in their world class Security Operation Center, located in Minneapolis, MN, to work in the capacity of Senior IT Security Analyst.
This location handles Cyber Security Alerts & Incidents originating from multiple sites worldwide.
The chosen candidate will serve as the first line of defense, responsible for detecting and investigating cybersecurity threats to the organization’s IT Enterprise.
This role provides an opportunity to work with advanced Network and Endpoint Detection and Response tools in support of a comprehensive cybersecurity program. S/He will be a key individual and will have a role in mentoring junior analysts as well as a critical role in content development and alarm refinement.
They are seeking someone who has a proven track record of technical achievement and is driven by the challenging demands of cybersecurity defense.
This position will support the 24/7 coverage of the Security Operations, working the 11am – 7pm CST shift Monday-Friday and will take part in a weekend on-call rotation.
- Perform real-time proactive security monitoring, detection and response to security events and incidents within the organization’s Enterprise Network
- Conduct thorough investigation of security events generated by our detection mechanisms such as SIEM, IDS/IPS and AV
- Handle Incident Escalations from SOC L1
- Recognize successful and potential intrusions and compromises through review and analysis of relevant event detail information.
- Launch and track investigations to resolution. Recognize attacks based on their signatures.
- Differentiate false positives from true intrusion attempts.
- Alert concerned stakeholders of intrusions, potential intrusions and compromises to their IT environment.
- Update the knowledge base to effectively communicate information internally and to customers.
- Educate SOC L1 to enable those handling similar incidents in future.
- Utilize advanced network and host forensic tools in order to triage and scope an incident.
- Categorize the events and raise necessary incidents after thorough quality check of the event.
- Partner and collaborate with L3 Support, Threat Intelligence Team, Tool engineers and Forensics team to provide adequate information required for resolution.
- Participate in the Process and Alarm Refinement Committee with key stakeholders from the Cyber Security Incident Response Team and Engineering team for the maintenance and fine-tuning of security platform functionality.
- Partner and collaborate with organization’s Technology Governance, Risks, and Controls organization to integrate further datasets.
- Maintain situational awareness of the latest cybersecurity threats, vulnerabilities and mitigation strategies.
Best Industry – Information Technology
Best Department – IT, Network Operations
Bachelor’s Degree in Computer Science or a related technical discipline is preferred. Master’s Degree or Information Security Certifications (e.g. SANS GIAC Certifications, ideally GCIH, GCFA, GREM, CISSP, Security+) are a very strong plus.
3 – 5 years of experience in triaging information security alerts from tools like SIEM, DLP, Proxy and other CND security tools.
2 or more years of experience in at least three of the following disciplines within cybersecurity: malware reverse engineering, SIEM content development, digital forensics (host and/or network), penetration testing, network perimeter defense, vulnerability assessment.
Demonstrated knowledge of Windows and Linux OS to include experience working in the command line interface is required.
Demonstrated analytical skills are required.
Strong oral and writing skills to articulate complex ideas clearly and effectively; experience creating and presenting documentation and management reports.
Ability to manage multiple tasks, priorities, and operational assignments in a high-pressure environment is strongly preferred.
Only US Citizens or Green Card Holders may apply. No H1B visa sponsorship will be offered with this position.