IT Security Analyst

Basic Function

The IT Security Analyst position applies mid-level principles to moderately to highly complex research, evaluation, management, administration, auditing and monitoring of company IT systems in an effort to manage risk. IT Security Analysts are on the “front lines” of security operations. This position is responsible for ensuring that security tools are appropriately deployed and running optimally. Incumbents constantly monitor the environment for signs of trouble and are often the first point of contact when a high-risk alert is issued or a suspected attack begins to affect business operations. IT Security Analysts also typically conduct the initial stages of a forensics investigation.

Duties & Responsibilities

  • Administer and maintain the ArcSight Security Information and Event Management (SIEM) system
  • Create and troubleshoot parsers and maps for connectors
  • Deploy new ESM, Loggers, Smart Connectors / Flex Connectors as required to collect data feeds
  • Provide capability to analyze ArcSight output and interpret reports
  • Integration of data feeds into ArcSight
  • Perform Content Development including correlation threat cases to properly identify data feeding ArcSight
  • Develop filters to assist in the identification of significant events
  • Develop trending tables and reports
  • Support operations monitoring of IT systems, including problem response and resolution
  • Conduct assessment and classification of
  • Investigate and understand possible attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc. and possible abnormal activities, such as worms, Trojans, viruses, etc.
  • Perform front line, Tier 1 triage, routing and tracking of a variety of security related inquiries, incidents and other issues
  • Review security events generated by a variety of network and/or host based security appliances (Firewalls, NIDS, HIDS, Event logs, etc.) and determine correct remediation actions and escalation paths
  • Research, evaluate and deploy new technologies while remaining budget conscious
  • Conduct risk assessments on proposed and existing systems
  • Work to balance the needs of applying security controls in line with corporate guidelines and not imposing overly restrictive processes that hamper employee productivity or business partner interactions
  • Maintain, enhance and support existing computer applications and systems
  • Troubleshoot system problems and implement resolutions
  • Develop necessary documentation per established standards
  • Train and orient customers on systems and products
  • Evaluate and test off-the-shelf products to ensure their applicability to corporate business requirements
  • Review and analyze user requests for computer and communication systems, and recommend optimum solutions to meet customer requirements
  • Manage data center facility infrastructure, and support relevant upgrade projects
  • Analyze and approve changes to computing infrastructure, systems and applications
  • Adhere to security and safety regulations and rules
  • Perform other duties and responsibilities as assigned

Education and Experience

  • Bachelor’s degree in a technical field such as Computer Science, Management Information Technology (MIS), Engineering, or Mathematics is strongly preferred; may consider candidates with technical school training or military training and seven (7) years’ experience; may consider HS/GED candidates with ten (10) years’ work experience with a working knowledge of LAN systems and the maintenance and upkeep requirements of an information management system in lieu of a Bachelor’s degree
  • Seven (7) years’ work experience in a computing environment or Data Networking field required
  • Experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) required
  • Experience administering and maintaining ArcSight SIEM
  • Experience with Anti-Virus, Intrusion Detection Systems, Firewalls, Active Directory, Vulnerability Assessment tools and other security tools found in large network environments, along with experience working with Security Information and Event Management (SIEM) solutions, required
  • Applicant must be able to periodically work 2nd and 3rd shift for vacation coverage and staff training; primary work schedule would be normal Aramco Services Company (ASC) business hours
  • SANS or similar technical certifications are a plus
  • Strong Windows, Unix, Networking, and System Administration skills strongly desired
  • Scripting skills strongly desired
  • Must be a team player with good communication skills
  • Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and host based intrusion detection systems, and other security software packages
  • Must have functional experience with a variety of operating systems (Windows/Linux/Unix)
  • Must have familiarity with TCP/IP services or networks and have a passion and interest for technology as well as desire to learn more about security related platforms and malcode analysis
  • Must exemplify strong analytical skills; consensus building and strong collaboration skills are crucial
  • Possess a risk containment & management mentality towards all efforts in the enterprise with the ability to integrate security into project and development life cycles
  • Ability to create, organize and deliver presentations to end users, peers and management
  • Knowledge of key security monitoring infrastructure tools (firewalls, IPS, SIEM, Email Filtering tools, etc.)
  • Ability to quickly respond and adjust to changing priorities along with the ability to manage multiple projects concurrently
  • Knowledge of and demonstrated ability to proactively research and address emerging cyber security threats and issues
  • Capable of developing business proposals with solid business cases to support the acquisition of new technologies, tools and systems to further enhance the enterprise’s security posture
  • Security and/or Networking experience
  • Advanced knowledge of general security methodologies, concepts and terminologies
  • Advanced knowledge of routing principles and networking fundamentals, well-known protocols and services (FTP, HTTP, SSH, SMB, LDAP), and Packet Analysis Tools (TCPDUMP, Wireshark, Ngrep)
  • Advanced knowledge of networking concepts, infrastructure, and terminologies (TCP/IP, VPNs, Proxies, etc.)
  • Advanced knowledge of general IT infrastructure systems and how they work (Microsoft Exchange, Citrix, Databases)
  • Ability to analyze logs and other related data from varied systems to identify signs of a breach or security incident (e.g. firewall, IPS, Antivirus system logs, etc.)
  • Must be able to communicate and comprehend accurately, clearly and concisely in English at a level required to perform the job as outlined; must be able to communicate technical details in a clear, understandable manner
  • Must possess good work habits, a strong work ethic, and be able to adhere to company work hours, policies, and standard business etiquette
