The Security Analyst II is the second line of defense and is primarily responsible for monitoring multiple security alert sources, eliminating false positives, triaging significant security events and conducting incident response. The Security Analyst II will also be responsible for the configuration and testing of the monitoring and alerting tools and for supporting Security Analysts in the identification of suspicious and malicious activity within the Fund.
- Participate in all phases of the incident response process, including detection, containment, eradication, and post-incident reporting.
- Conduct thorough investigative actions based on security events and remediate as dictated by standard operating procedures.
- Provide escalated response and support to intrusion or security breach investigations
- Management and monitoring of security devices, vulnerability management systems, security configuration systems, and enterprise correlation systems.
- Automate security management processes, including alerting and network management.
- Assess, design and recommend a security incident avoidance platform based on systems resiliency models.
- Monitor access control and authorization systems and practices of security architecture
- Performs malware analysis, including exploitation and mitigation techniques.
- Documents vulnerabilities and exploits identified while analyzing malware. Analyzes, evaluates, and documents malicious code behavior.
- Identifies commonalities and differences between malware samples in order to group or classify them for attribution.
- Performs research on vulnerabilities, exploits and zero-day malware, and provides early alerts to the Security Engineering team along with a mitigation strategy.
- Ensures the accuracy and integrity of information throughout reporting.
- Assists the Incident Response lead in developing and setting up frameworks for building the incident response toolkit.
- Monitors threat and vulnerability message boards and information resources to identify new and emerging enterprise concerns.
- Maintains and uses vulnerability scanners, monitoring /correlation systems, and incident tracking mechanisms.
- Provides technical input on threat and vulnerability risks.
- Monitors vulnerability alert, identification, and escalation data for reporting to manager level resources.
- Supports all aspects of the Security Information and Event Management (SIEM) initiative.
- Supports the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses.
- Coordinates and conducts event collection, log management, event management, compliance automation, and identity monitoring activities.
- Tunes ArcSight performance and event data quality to maximize ArcSight system efficiency and detection capabilities.
- Continuously improves the security monitoring program, leveraging log analysis, data mining and security alerting (SIEM).
- Assists analysts using ArcSight and other tools to detect and respond to IT security incidents.
- Must be able to support data collection from a large, complex server and network infrastructure and user base.
- Reviews the daily report produced by the above intelligence feed, analyzes the alerts, eliminates false positives and creates a case in the case management system accordingly.
- Periodically reviews the existing intelligence feed maintained in the SIEM tool to remove false positives.
- 7+ years of hands-on experience in all areas of threat and vulnerability management and incident response.
- The candidate must have strong experience in: (i) IT Security Operations at organizations facing multiple and sophisticated threats, preferably in the financial, insurance or pharmaceutical industries; (ii) Incident Response in complex and advanced threat environments; (iii) IT Security in the areas of infrastructure, network, endpoints, applications, and database system technologies; and (iv) articulating security intelligence into advanced monitoring and correlation strategies.
- An Associate's degree in computer science, information systems or other related field; or equivalent work experience.
- A strong understanding of Information Security, including cyber security threats, vulnerabilities, attacks, responsible groups, motivations and techniques; this is required to be considered for the role.
- A strong understanding of the ArcSight SIEM platform
- Experience in incident response required (e.g., in-depth knowledge of Windows/Unix operating system forensics, event logging systems, authentication methods, remote and local web application security, penetration testing).
- Strong expertise in information security around platforms and IT infrastructure required (e.g., in-depth knowledge of Windows/Unix operating system security, authentication methods, firewalls, routers, IDS/IPS, remote and local web application security, penetration testing).
- Experience in performing vulnerability scanning and supporting processes
- Strong understanding and working knowledge of (i) incident management techniques and processes: malware analysis, designer malware detection, APT response, forensics; (ii) security tools and products such as IBM Proventia, Snort, Websense proxy, Squid proxy, Symantec and McAfee AV, Ethereal, tcpdump, Nmap, Nessus, Retina, NetFlow, packet capture tools, Nikto, CA SiteMinder, Check Point and Cisco ASA firewalls, DataPower SOA, FireEye, Bit9, ForeScout NAC, Juniper remote access gateways, TippingPoint, EnCase, etc.
- Strong understanding of IP Protocol Suite; knowledge of IP Routing protocols.
- Knowledgeable in attacker capabilities, intentions, and motives, and able to apply this along with knowledge of network fundamentals and open-source technologies in order to devise key intelligence topics, indicators, and warnings.
- Scripting in VBScript (.vbs), Windows batch (.bat), Unix shell and Perl is preferred.
- The successful candidate should be a self-starter, capable of focused research, collection and analysis of intelligence relevant to the retail industry and enterprise information security.
- Understanding of Information Security industry standards/best practices (e.g., NIST, PCI) along with an understanding of Information Security related laws and regulations (e.g., PCI, HIPAA, SOX).
- CISSP IS REQUIRED. Additional certifications like EnCE, CFE, CEH, GWAPT, GPEN, or GREM are preferred.
- ArcSight Certification (ACSA, ACIA)
- Systems (MCSA, MCSE, LPIC-2/3, RHCE, etc.)
- Networking (CCNP, CCIE, etc.)
ClearanceJobs.com - 15 months ago