The focus of this role is working within the UTC Cybersecurity department, reporting to the Associate Director Cyber Security and Risk Management and Lead. Job responsibilities are:
- Collects, analyses and enriches event information and performs threat or target analysis duties.
- Interprets, analyses, and reports all events and anomalies in accordance with Computer Network Directives, including initiating, responding, and reporting discovered events.
- Manages and executes multi-level responses and addresses reported or detected incidents.
- Provides reporting and metrics around security monitoring by designing dashboards for asset owners and management consumption.
- Coordinates and distributes directives, vulnerability, and threat advisories to identified consumers.
- Develops focused reporting and briefings for advanced cyber threats and activity to various teams and leaders.
- Ability to do deep dive investigations on complex incidents.
- Improving the service level for security operations and monitoring. Creating and maintaining system documentation for security event processing.
- Act as Subject Matter Experts for analysis functions, providing support on more involved cases and guiding the activity of other analysts through collaboration; act as the lead coordinator for the SOC's response to individual information security incidents.
- Act as an SME and trainer to T1 personnel as needed. Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks in support of technologies managed by the Security Operations Center.
- Teach other SOC Analysts about both traditional and unconventional ways to detect, analyze, and mitigate security incidents and other anomalies
- Regularly recommend new SOC practices and approaches to address program improvement
- Ensures security logs are generated, collected, correlated, and monitored.
- Performs analysis duties, including:
  - Development of Data Dictionaries for log sources to confirm which fields and values are needed or useful for Security Monitoring
  - Review of available logs to confirm there are adequate quantities and content to usefully provide Security Monitoring
  - Review current tooling to identify incremental monitoring opportunities, and communicate needs to engineering teams that support SOC
  - Triage SIEM alerts to determine False Positive, Incident, or Technology Misconfiguration
  - Perform research at the request of Incident Response teams
- Perform case management activities to ensure successful BAU Security Monitoring Operations, including:
  - Documenting case activities in the system of record
  - Documenting current case notes sufficient for effective shift handover, as well as reviewing current status via phone call or in person
  - Engaging in all forms of communications (e.g. phone calls, instant-messaging, web page updates) to ensure cases are efficiently investigated by all approved parties, regardless of what company, department, or team they are a member of
- Author Standard Operating Procedures (SOPs).
- Creating incident detection “use case” needs, logic, and implementation methods
- Creating “use case” alert triage workflows
- Training documentation
Qualification: Minimum Qualifications
- 3-5 years of computer and network security experience preferred
- Thorough understanding of fundamental security and network concepts (operating systems, IPS/IDS, TCP/IP, ports, etc.)
- Demonstrated analytic expertise – to include ability to think critically and logically in a dynamic, high-pressure, fast-paced environment
- Excellent written and oral communication skills
- Security certifications (e.g. Security+, GCIA, GCIH, CISSP, CEH, OSCP, etc.)
- Experience with Microsoft and Unix-based operating systems
- Experience managing and tracking vulnerability cases
- Experience supporting network security investigations
- Bachelor’s Degree in Computer Science, Computer Engineering, Information Security, or related security discipline(s) or Master’s Degree preferred or not required
Job ID 73147BR