Security Operations Analyst
Primary Job Duties and Responsibilities (Essential Job Functions):
- Effectively monitor the Security Information and Event Management (SIEM) system, the Intrusion Detection System (IDS), and other security tools for cyber security events.
- Evaluate and manage the events to eliminate or mitigate risk to the company.
- Respond to real-time security incidents and support response, containment and event forensics activities.
- Review potential phishing attacks for threats.
- Review workstation security patching failures and remediate. (40%).
- Assist in reviewing assessments from the vulnerability scanning tools and take action to remediate or further investigate those considered to be a risk.
- Provide trend analysis and risk assessment to management for vulnerabilities in the environment.
- Review workstation security patching failures and assist with remediation. (10%)
- Support and maintain the Security Information and Event Management (SIEM) system, Intrusion Detection Systems (IDS) and other monitoring tools as needed.
- Determine and build alerts based on new threats and security data, regulatory requirements, Center for Internet Security (CIS) Critical Security Controls best practices and ISO 27001 certification requirements. (15%)
- Assist in the development and maintenance of incident response procedures for security events that require the mobilization of IT resources to respond to network or system intrusions or malicious code.
- Maintain cyber security operations monitoring standard operating procedures to effectively manage and mitigate cyber security events. (10%)
- Maintain strong understanding of network infrastructure, computer operating systems, software used for cyber security and other technologies to ensure adequate defense in depth design across the IT enterprise. (5%)
- Participate on the CIRT team as dictated by the cyber-security incident management plan.
- Assist in forensic and investigation activities where technical security skills are required. (10%)
- Participate on IT project teams across all technology disciplines to provide input on security requirements in accordance with security policies and standards. (10%)
- Participate in on-call rotation to support front line security operations analysts. (0-5%)
- Performs any additional responsibilities as requested or assigned. (0-5%)
Communications/Contacts:
- Internal - Information technology management and staff, human resources and legal.
- External - Suppliers of information protection products and services, auditors and professional security groups.
Performance Expectations (Key Success Factors):
- Provides timely and accurate monitoring, assessment and remediation of cyber security alerts and workstation security patch failures.
- Involves peers and other IT staff to assist in assessment and remediation as appropriate.
- Ensures alerts and other notifications are configured promptly and accurately in the SIEM or other monitoring or assessment tools.
- Keeps current on new and emerging threats and the technologies to thwart them.
- Monitor what is happening in the cyber security industry via news feeds, electronic alerts and networking regarding security threats and countermeasures.
- Assist with the development, testing and implementation of new cyber-security processes and procedures; ensure existing processes and procedures are kept accurate and current with rapidly changing methodologies and technologies.
- Provides input to incident response plans and assists in response to actual events as required.
- Actively participates on the CIRT when in progress.
- Results driven and self-starter.
- Performs responsibilities within determined time frames and with a high degree of accuracy; establishes and maintains effective work relationships within the department and the company; and maintains the professional competence, knowledge and skills necessary for the satisfactory completion of responsibilities.
- Maintains the confidentiality of sensitive company information.
- Attends work as required and supports the company employee policies and procedures, including workplace safety rules.
- Bachelor’s degree in computer science, information technology or related field or equivalent work experience. (Typically six years of additional related, progressive work experience would be needed for candidates applying for this position who do not possess a bachelor’s degree.)
- A minimum of two Security Information and Event Management and Intrusion Detection systems with associated incident response experience. MCSA, MCSE or equivalent work experience required. Security certification such as GIAC, CISM or CISSP preferred.
- Understand and be able to use regular expressions and pattern matching.
- Application development experience using programming languages such as Perl, as well as open source security tools such as Snare, Snort, etc., is preferred but not required.
- Technical knowledge of complex computing environments, operating systems, databases, network software and disaster recovery practices.
- Knowledge of network, workstation and server security products, technologies and protocols.
- Excellent oral and written communication skills, including presentation skills.
- Effective interpersonal skills and customer relationship skills.
- Effective analytical, problem-solving and decision-making skills.
- Ability to prioritize and handle multiple tasks and projects concurrently.
- Available to cover on-call responsibilities that may occur nights, weekends and holidays.
- NERC CIPS - YES