Experience:
3-5 years experience preferred
Required skills:
- Critical thinking and analysis
- Strong sense of ownership
- Highly curious
- Fascination with big airplanes and travel
- Able to work independently with minimal direction
Typical Duties and Responsibilities:
- Standard 3 days on site, more as required
- Travel occasionally for 0-2 nights
- Maintain documentation
- Support enterprise logging and analysis solutions
- Analyze log files for suspicious activity
- Analyze event data for suspicious patterns
- Analyze log sources, assess threats, and define alerting criteria
- Develop log policies by creating rules, setting thresholds, and prioritizing alerts based on impact and urgency
- Work with IR Engineering to configure data ingestion, detection rules, and fine-tune detection
- Work with CIRT to configure incident creation, explore opportunities to enrich incident data, and assign incidents to CIRT teams
- Review policies regularly, address false positives/negatives, and stay updated on technology
- Data extraction
- Reporting
Note: this is not an Incident Response role
Desired Skills (mastery): None
Desired Skills (proficient):
- Windows 10
- Windows Server 2019
- Linux Ubuntu 2018
- Scripting (PowerShell, BASH, Python, etc.)
Desired Skills (familiar):
- MySQL
- Anvilogic
- FluentBit
Desired Certifications:
- CompTIA Security+
- Certified Information Systems Security Professional (CISSP)