Perform real-time security log and event analysis and take action to contain and mitigate information security threats. The events will originate from SIEM, DLP, IDS, IPS, antivirus, firewalls and system security logs.
- Experience in using SIEM technology, packet captures, reports, data visualization, pattern analysis and fine tuning of rules.
- Create, analyze and develop remediation plans resulting from the identification of vulnerabilities discovered during scheduled scans.
- Maintain existing security systems such as IPS/IDS, antivirus, EPO, SIEM, NAC and other cyber-attack detection and analytics tools; responsible for full lifecycle of security technologies including deployment, configuration, troubleshooting, maintenance, patching/upgrading and decommission.
- Collect and analyze threat intelligence from internal and external sources to provide situational awareness and early detection of emerging attack vectors.
- Monitor information systems and services to audit and maintain security controls to ensure compliance with firm policies and industry best practices.
- Make enhancements to existing monitoring and security operations and contribute to a Continuous Monitoring program framework.
- Work across teams to accomplish security program goals.
- Knowledge of information security domains, concepts and principles.
- Strong log analysis and SIEM experience.
- Knowledge of network services, vulnerabilities, exploits and attacks.
- Strong knowledge of server and desktop operating systems, routers, switches, firewalls, and other network equipment.
- Previous experience within an information security/SOC team.
Experience with any of the following is considered a plus:
- Vulnerability scanning tools
- Network scanning/management tools, event log management systems
- Anti-virus, anti-spam and other protective tools
- Encryption products and open-source security-related tools
- Forensic tools
- Malware Analysis
- Analysis of network captures
- Advanced Persistent Threat analysis and mitigation
- Detail oriented and able to meet tight deadlines
- Excellent written, verbal and interpersonal skills.
- Highly motivated self-starter with an inquisitive personality.
- Desire and ability to learn new skills and concepts.
- CISSP, CISA, GIAC and other Industry Certifications considered a plus.