Senior Security Analyst

Senior Security Analyst will work as a member of the Cyber Defense Center team. The successful candidate must possess in-depth understanding & hands-on experience on a number of security technologies, eg: SIEM, IDS, IPS, EDR/ XDR, SOAR, Email Security Appliances etc., and should be well versed in performing security investigations and Incident Response. He/she will also assist in defining and documenting Standard Operating Procedures and knowledge sharing within the team.

Tasks and Responsibilities

• Monitoring of the threat landscape and evaluation of applicability to the organization.
• Identification of risk scenarios and translation into Use Cases / Active Threat Hunting
• Triage of security events (end-to-end)
• Development of playbooks
• Support the local security management and service owners in case of IT security incidents (Incident Response)
• Optimization of Security systems, fine-tuning use cases and rules for the identification of potential attacks
• Create rules for compliance and audit requirements and create and manage Watch Lists for current threats.
• Create custom rules/rule modifications and custom reports/ report modifications as needed.
• Create custom documentation for internal and external needs.
• Responsible for mentoring and training of other team members.
• Assist with designing and documenting work processes within the CDC.
• Perform other duties as assigned.

Education/Experience

• Bachelor's Degree or equivalent in Information Technology, Information Security/Assurance, Engineering or related field of study; at least 6+ years of related experience and/or training; or equivalent combination of education and experience required.
• Minimum 6-8 years of Managed Security Services or Information Security experience required.
• Minimum 4 years of security investigation/Incident Response experience required.
• Prior Experience as a Splunk Consultant or administrator with a strong understanding of Splunk Architecture
• Proficiency in scripting languages e.g. Python, Rest API, data query languages e.g. SQL, Splunk queries, KQL, and familiarity with various security tools.
• Excellent written and verbal communication skills are required.
• A good understanding of Information, Cyber & Network Security concepts is required.
• Time management and organizational skills are required.
• Strong Analytical thinking
• Risk Management
• Identifying organizational relevant Threat Intelligence information
• Expert knowledge in attack strategies (e.g. MITRE Attack Framework)