Sr Incident Response Security Analyst (Network) - 100% remote (EST working hours*)
Optomi, in partnership with a global pharmaceutical and healthcare company, is looking to add a Security Analyst to the Cybersecurity Operations / Incident Response team to oversee Palo Alto and network alerting. The Sr Incident Response Security Analyst will play a pivotal role in the organization's cybersecurity efforts. They will be responsible for leading and executing complex cybersecurity operations and incident response initiatives to safeguard systems and networks against advanced threats. Working closely with cross-functional teams, they will provide expert-level guidance to junior analysts and other teams within the organization.
Please note: This is a contract position that will most likely convert after 6 months. This is a full-time (40 hours per week) position on W2 (benefits are available). No C2C/1099 is available.
What You Will Do:
- Review proposed change requests to rules or policies for firewalls, router access control lists, IPS, and proxies.
- Perform regular reviews or audits of deployed rulesets to identify drift from baseline.
- Serve as primary point of contact in reviewing threats and vulnerabilities and ensuring servers and firewalls are properly configured and managed.
- Monitor and address security incidents, implementing measures to enhance incident response and resolve security issues.
- Perform triage of potential security incidents in accordance with the SOC (Security Operations Center) case handling procedures, alert handling procedures, and customer-specific procedures.
- Mentor and provide guidance to junior network security engineers.
- Perform continuous improvement of services by identifying and correcting problems and gaps in knowledge and documentation.
- Participate in on-call rotation (including weekends) to ensure continuous operations.
What You Will Need:
- A degree in Cybersecurity, Network Engineering, Computer Science, Information Systems or another related field, or equivalent work experience.
- 5-7 years of combined IT and network security work experience with broad exposure to cybersecurity functions.
- Profound knowledge of network security principles and best practices.
- Ability to analyze network communication flows (based on Wireshark traces or firewall logs).
- In-depth knowledge of network protocols (TCP/IP, LAN/WAN, routing, HTTP, DNS, SMTP).
- Extensive hands-on experience and proficiency performing network security investigations with the following security tool categories: firewalls, network IDS/IPS solutions, switch/router ACLs, Network Access Control solutions, proxy servers and Secure Web Gateways, SIEM, EDR, email security gateways, SOAR, anti-virus.
- Deep understanding of cybersecurity industry frameworks (e.g. MITRE ATT&CK, D3FEND, NIST, Cyber Kill Chain, etc.).
- Excellent written communication skills, with a focus on translating technically complex issues into simple, easy-to-understand concepts in English.
- Experience in leading major incident breach response activities.
- Ability to develop new operating procedures and runbooks and to follow existing ones.
- Highly skilled in technical incident report writing and in maintaining document and evidence repositories.
- CCNA, CCDA, CCNP, or Network+ certification required.
Nice to have:
- Security certification (e.g. Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), GIAC Certified Incident Handler (GCIH) or equivalent).
- Expertise in one or more of the following functional areas: Digital Forensics, Threat Hunting.
- Experience in Python, PowerShell, Bash or other scripting languages.
- Prior experience in developing detection rules and SOAR playbooks.
*Ideally this candidate needs to sit in EST or CST. EST working hours are required.