MUST come on-site 3 days a week in the Boca Raton, FL area. Either local or willing to relocate.
Please only send candidates that have over 6 years of experience in the cyber security space with SIEM experience.
The Senior Cyber-Security Analyst is a member of the Information Security department and reports directly to the Manager, Security Operations Team.
Responsibilities Include But Not Limited To
- Serve as technical escalation resource for Tier I/II Analysts/Engineers
- Investigate and document events to aid incident responders, managers and other Security Operations team members on security issues and the emergence of new threats.
- Analyze attacker tactics, techniques, and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems.
- Create and maintain data security documentation, policies and procedures.
- Plan and execute regular incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
- Evaluate current Security Operations standards and procedures and update or author new content as required.
- Leverage a deep understanding of current and evolving security threats and threat detection solutions, and contribute to the company’s threat and vulnerability research and IT security strategy and roadmap.
- Leverage automation and orchestration solutions to automate repetitive tasks. (Scripting abilities with Python are highly desired.)
- Seek opportunities to drive efficiencies and collaborate with other technology teams (e.g. NOC, Service Desk).
- Partner with the security engineering team to improve tool usage and workflow.
- Partner with MDR and internal teams to mature monitoring and response capabilities.
- Adhere to service level agreements (SLAs), metrics and business scorecard obligations for ticket handling of security incidents and events.
- Leverage knowledge of security on multiple platforms and disciplines (Windows, Unix, Linux, data loss prevention (DLP), endpoint controls, databases, wireless security and data networking).
- On major incidents, act as incident commander and primary point of contact.
- As a senior member of the team, monitor and process responses for security events on a 24x7 basis. (Periodic on-call shift coverage)
- Perform other related duties as assigned.
Desired Skills
- Experience working with various SIEM systems, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), file integrity monitoring (FIM), DLP and other network and system monitoring tools.
- Moderate to advanced knowledge in the following areas: event analysis leveraging SIEM tools, log parsing and analysis, networking fundamentals, current threat landscape, malware operation and indicators, penetration techniques, DDoS mitigation techniques, IDS/IPS systems, Windows and Unix or Linux, firewall and proxy technology, Data Loss Prevention monitoring, scripting, analysis experience, and audit requirements (PCI, HIPAA, SOX, etc.).
- Extensive experience in Incident Response, Incident Handling and Security Operations
- Experience in digital forensics preferred, including processes and procedures for collecting and preserving digital evidence, data acquisition, and forensic analysis of data.
- Ability to conduct multi-step breach and investigative analysis to trace the dynamic activities associated with advanced threats.
- Perform investigation and escalation for complex or high severity security threats or incidents
- Advanced knowledge and expertise in the use of SIEM technologies for event investigation
- Assist in defining and driving strategic initiatives
- Coordinate evidence/data gathering and documentation and review Security Incident reports
Qualifications/Requirements
- Bachelor’s degree in Information Technology/Security or 10 years of progressive experience in the IT / Information Security space required.
- Excellent Project management skills, including ability to create and maintain security project plans, schedules, metrics and progress reports/presentations.
- Experience working with change management principles and operations.
- General knowledge and understanding of information security and privacy-related regulations.
- Ability to plan, organize, and prioritize a varied workload.
- Experience driving measurable improvement in monitoring and response capabilities at scale.
- Knowledge of a variety of Internet protocols.
- Critical thinking skills and the ability to solve problems as they arise.
- Ability to work effectively with technical and non-technical personnel in a cross-functional setting.
- Ability to relate security principles and processes to business and other departments.
- Proficient knowledge of the Microsoft Office suite required.
- Strong written and verbal communication skills required.
- Must be authorized to work in the US, no sponsorship or C2C.