Hybrid position. No H1B or C2C
Advanced knowledge of SIEM technologies, preferably Microsoft Sentinel
- Senior Information Security Analyst, Threat and Vulnerability Management: significant experience in cybersecurity, incident response, KQL and the Microsoft Security Stack; will manage the Microsoft Sentinel SIEM
Must have advanced KQL
Under minimal direction, the SOC (Security Operations Center) / Security information and event management (SIEM) Analyst collaborates to develop innovative and effective procedures for the SOC to enhance coordination and incident response operations. Additionally, the SOC / SIEM Analyst will lead configuration and deployment of our SIEM tool, monitor network traffic for security events, and perform triage analysis to identify security incidents.
Projects & Requirements:
- Writes procedures for the processing and retention of log data.
- Supports configuration and integration of data feeds into the enterprise Security Information and Event Management (SIEM) solution.
- Monitors network traffic for security events and performs triage analysis to identify security incidents.
- Conducts analysis and digital forensics to identify, monitor, review, assess and counter the threat posed by cyber criminals and bad actors.
- Communicates with IT teams and management to warn of possible risks to data and systems, promotes plans to mitigate those risks, and writes cybersecurity alerts and advisories.
- Utilizes threat intelligence to mitigate potential data threats, protect data, and impede criminals from accessing regulated and proprietary data.
- Prior experience in leading Security Operations Center (SOC) and SIEM technologies
- Advanced knowledge of the TCP/IP protocol suite, security architecture, and remote access security techniques/products.
- Advanced knowledge of SIEM technologies, preferably Microsoft Sentinel
- Experience analyzing both log and packet data, including the use of Wireshark, tcpdump and other capture/analysis tools.
- Strong understanding of incident response methodologies and technologies
- Forensic and Malware analysis experience
Role & Responsibilities:
- Analyzes system data to determine broad issues/trends and the root cause of problems, and reports on the status of information security.
- Responsible for investigating incidents, analyzing attack methods, researching new defense techniques and tools, developing security policy, and documenting procedures for the SOC / SIEM.
- Identifies security vulnerabilities and pinpoints indicators of compromise (IOCs) such as suspicious IP addresses, URLs, email addresses and attachments, registry keys and filenames that may signify malware attacks, phishing attempts or attacks from external hosts.
- Compiles comprehensive audit reports identifying potential risks / threats.
- Performs assessment as well as troubleshooting, and helps isolate issues with IDS/IPS sensors, antivirus servers and vulnerability scanners.
- May also participate in the evaluation and implementation of other new security solutions.
- Develops documentation as necessary to support the overall delivery of SOC / SIEM and threat management objectives. This includes but is not limited to project plans, communications, executive presentations, job aids, training materials, technical reference documentation, metrics/measures packages, and Requests for Proposal/Offers (RFPs/RFOs).
- Develops log and data retention requirements for the SIEM.
- Serves on the RFP committee, coordinates responses to vendors' questions, and performs vendor onboarding and project coordination activities.
- Demonstrates intuitive problem solving and exemplary teamwork skills, works closely with other teams to assess risk, and provides recommendations for improving our security posture.
- Must be able to weigh business needs against security concerns and articulate issues to management and stakeholders.
- May assist in establishing Security Orchestration and Automated Response (SOAR) technologies.
- Other duties as assigned.
REQUIREMENTS
Education:
- High School diploma, or G.E.D. equivalency from an accredited educational institution.
Experience:
- Four (3) years of work experience in a relevant role, i.e., Senior SOC Analyst, Incident Response, Threat Analyst.
Preferred Certifications:
- CompTIA Security+, Network+, CySA+ or equivalent certification.
- GCIH, GCIA, GCFE, GREM, GCFA, GSEC, CEH, CISSP, CCNA (Security) or equivalent Certifications.
Preferences:
- Bachelor's degree in Information Systems, Information Security, Information Technology, Computer Science, or similar area of study from an accredited college or university.
- Hands-on experience with SIEM capability and tools like MS Sentinel
- Cyber Threat and Intelligence gathering and analysis.
- Excellent knowledge of intrusion detection (deep TCP/IP and cybersecurity knowledge), various operating systems (Windows/UNIX), and web technologies (focusing on Internet security)
- Experience with intrusion detection and prevention and network security products (IDS/IPS, firewalls), host security products (HIPS), antivirus, vulnerability scanners, etc.
- Knowledge of endpoint and mobile device management solutions
Automatic Disqualification:
- Convictions, probation, or deferred adjudication for any Felony, and any Class A Misdemeanor
- Convictions, probation, or deferred adjudication for a Class B Misdemeanor, if within the previous 10 years
- Open arrest for any criminal offense (Felony or Misdemeanor)
- Family Violence conviction
Job Types: Full-time, Contract
Pay: From $80.00 per hour
Application Question(s):
- YOU MUST HAVE KQL EXPERIENCE
Experience:
- SOC and SIEM: 6 years (Required)
- KQL: 2 years (Required)
- Microsoft Sentinel: 5 years (Required)
Work Location: In person