Responds to Information Security incidents working in a 24X7 operations department. Recommends risk mitigation, implements appropriate security safeguards, tests proposed security solutions, and performs audit/compliance and forensic activities as needed. Provides support for operational security tools and technologies by responding to alerts and troubleshooting issues. Assists with a variety of duties including analysis, system administration, technology testing, incident response and training junior security operations analysts. Serves as the primary interface to the Information Technology Operations Center personnel when responding to incidents.
- Reviews, validates, classifies, and responds to security events.
- Analyzes a variety of network and host-based security logs (Firewalls, NIDS, HIDS, Syslog, etc.).
- Monitors and analyzes network traffic and IDS/IPS alerts, investigating intrusion attempts and performing in-depth analysis of exploits and attacks.
- Conducts proactive threat and vulnerability research.
- Participates in incident reporting for high priority events, from initial response to triage, to determining remediation actions and escalation paths.
- Performs security Incident Event Management (SIEM) console monitoring and correlation.
- Evaluates new security technology for the organization through quantitative and qualitative measures.
- Provides skilled technical assistance in Information Security strategy and planning.
- Performs firewall rule changes based on submitted requests.
- Presents security research analysis and recommendations to the Information Security management team.
- Resolves Hotline issues (issue resolution, security incident reporting) and Abuse issues (email, phishing attacks, social engineering calls).
- Continuously monitors regulatory compliance through implemented Information Security technologies.
- Administers, monitors and troubleshoots antivirus activities, and email gateway issues. Configures and tests new IDS/IPS rules based on in-depth security analysis.
- Performs network and host DLP monitoring and logging.
- Performs application whitelisting and file integrity monitoring.
- Conducts threat and vulnerability research, intelligence and monitoring.
- Maintains and increases professional and technical knowledge by attending workshops, reviewing professional publications, establishing personal networks and participating in professional societies.
- May provide direction and support to less experienced security engineering staff to orient them and increase their understanding of more complex security analysis and design.
- May lead moderately complex security projects as assigned.
- Performs other duties as assigned or apparent.
- Bachelor’s degree in Computer Science or a related field, or equivalent experience required
- Minimum of 4 years progressive IT security skills, IT audit experience required
- Ability to work shifts based on need and situations in a 24X7 operations department
- Systems Security Certified Practitioner (SSCP), Security+, or comparable Information Security certification
- Proven ability performing moderately complex security analysis for information technology
- Thorough knowledge and understanding of the technical Information Security environments and processes
- Excellent oral and written communication skills to effectively interact with internal and external customers