Tier 2 Security Event Monitoring Analyst
Cyber Security / Cyber Risk
Posted: 24-Mar-2023
Alexandria, Virginia, United States
Arlington, Virginia, United States
McLean, Virginia, United States
Rosslyn, Virginia, United States
Washington DC, Virginia, United States
Work you'll do
- Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity
- When necessary, and with the Manager's approval, devise and document new procedures
Operational
- Perform advanced analysis of the output of the monitoring solutions and assess escalations from Level 1 Analysts
- Research the web for new attack patterns and activity
- Provide intermediate event analysis and incident detection, and escalate to the Level 3 Analyst as needed, following documented procedures
- Remain current on cyber security trends and intelligence (open source and commercial) to guide the security analysis and identification capabilities of the SOC team
- Ensure that all identified events are promptly validated and thoroughly investigated
- Identify training needs for the junior analysts
- Oversee documentation owned by the SOC team, including but not limited to Standard Operating Procedures (SOPs) and Operational Level Agreements (OLAs)
Relationship Management
- Report progress and escalate in a timely manner to the AMER L3 Analyst
- Provide oversight and guidance to Level 1 Analysts to monitor, detect, analyze, remediate, and report on cybersecurity events and incidents
- Coordinate with the Security Tool specialists to implement new or enhanced content
The team
Qualifications
- Minimum of 2 years of combined experience in the Information Security / Cybersecurity domain with a focus on security event monitoring
- Proven track record and experience with the following in a highly complex, global organization:
- Working with leading SIEM technologies, IDS/IPS, network- and host-based firewalls, data leakage protection (DLP), and database activity monitoring (DAM)
- In-depth, hands-on experience with at least two of the following technologies: Unix administration, Windows Server administration, Active Directory, Windows Workstation, router/switch management, firewall management, SAN/NAS, web servers, IAM/AAA, IDS/HIDS, system vulnerability scanning tools, application/database vulnerability scanning tools, mobile device analysis or secure coding o
- Analyzing possible attack activity such as network probing/scanning, DDoS, malicious code activity, and possible abnormal activity such as worms, Trojans, viruses, etc., and coordinating remediation actions as necessary
Certification
- Professional security certification preferred, such as GIAC Certified Intrusion Analyst (GCIA), CISSP, Certified Ethical Hacker (CEH), or Certified Expert Penetration Tester (CEPT)
- Professional security management certification desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar credentials
Skills/abilities
- Willing to work any of three 10-hour shifts to provide 24-hour support
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
- Understanding of network devices such as routers and switches; TCP/IP knowledge
- Understanding of common network services (web, mail, FTP, etc.), network vulnerabilities, and network attack patterns
- Experience with leading SIEM solutions including Splunk, ArcSight ESM, and ArcSight Logger
- Experience with ticketing systems
- Intermediate knowledge in system security architecture and security solutions
- Ability to travel as needed up to 25%
- Bachelor's degree in computer science, mathematics, engineering, or another technical field preferred
- Master’s degree preferred