Cyber Fusion Center Triage Analyst - Incident Detection

Blackberry Limited Dallas, TX 75201

Posted 1 week ago

Worker Sub-Type:

Regular

Job Description:

THE POSITION

The Triage Analyst supports the Incident Response team by responding to escalated alerts and monitoring alerts during heavy volume events. This position conducts more in-depth analyses of security incidents with the specific ability to identify Indicators of Compromise, perform intrusion scope and root cause analyses and implement triaging protocols to mitigate potential damage to the client's cyber ecosystem.

KEY RESPONSIBILITIES

  • Updates procedures and configures tools for Monitoring Analysts' consumption

  • Escalates cyber security events according to the client's playbook and standard operation procedures (SOPs)

  • Performs additional analysis of escalations from Tier 1 Analysts and conducts case reviews

  • Assists with containment of threats and remediation of environment during or after an incident

  • Escalates high or critical severity level incidents to Incident Investigators

  • Consumes threat intelligence and disseminates findings to relevant parties

  • Conducts hunting activities based on internal and external threat intelligence

  • Performs triage of service requests from customers and internal teams

WHO WE ARE LOOKING FOR

  • BA/BS in Engineering, Computer Science, Information Security, or Information Systems or related work experience

  • 2+ years of experience using event escalation and reporting procedures, managing security alerts within enterprise SIEM systems and performing network monitoring in a Cyber Security Operations environment

  • Demonstrated analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation, and the ability to learn and adapt quickly

  • Understanding of TCP/IP communications and knowledge of how common protocols and applications work at the network and enterprise level, including DNS, HTTP, and SMB

  • Knowledge of how the Windows file system and registry function

  • Must be onsite in Plano, TX (Monday to Friday; flexible work hours where possible)

ABOVE AND BEYOND

  • Experience with Splunk and other SIEM platforms, Enterprise Intrusion Prevention Systems, Endpoint Detection tools, and other security products

  • Experience conducting incident handling and response efforts in large enterprise environments

  • Experience supporting incident investigations

  • Experience working in a 24/7 SOC environment

  • Security certifications (e.g., Security+, Network+, CEH, SANS)

WHAT WE NEED FROM YOU TO APPLY

  • Current resume

  • Github link or previous project portfolio

Job Family Group Name:

Sales

Scheduled Weekly Hours:
40


Similar Jobs

Senior Cyber Fusion Center Triage Analyst - Incident Detection

Blackberry Limited

Posted 1 week ago

Listing dates: 4/6/2019 12:00:00 AM; 2019-07-05T00:00

Worker Sub-Type:

Regular

Job Description:

THE POSITION

Cylance is looking for a talented Senior Cyber Triage Analyst to join our team and support our client in Plano, TX. This position conducts threat identification, analysis, and remediation by utilizing cyber defense tools and security best practices. It requires working closely with other security teams and stakeholders to remediate threats and protect the environment.

WHAT YOU WILL DO

  • Monitor the network, systems, and applications for any suspicious behaviors, activities, and anomalies.

  • Investigate escalated security events according to existing policies.

  • Perform traffic analysis, threat hunting activities, and malware analysis.

  • Create new correlation rules and fine-tune existing rules to improve detection and reduce false positives.

  • Mentor and train junior analysts.

  • Collaborate with other team members to establish new processes and procedures.

  • Assist with side projects and other tasks as needed.

WHO WE ARE LOOKING FOR

  • BA/BS in Engineering, Computer Science, Information Security, or Information Systems or related work experience preferred.

  • 3+ years of experience investigating and responding to intrusions in an enterprise or security operations environment.

  • Proven experience in log analysis, incident handling, threat hunting, and malware analysis.

  • Solid understanding of TCP/IP communications and knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB.

  • Advanced experience with SIEM and log aggregation technologies.

  • Demonstrated close attention to detail, excellent critical thinking, logic, and solution orientation, and the ability to learn and adapt quickly.

  • Ability to work in a 24/7 monitoring environment with dynamic hours and rotating shifts.

  • Must be onsite in Plano, TX, Monday to Friday; relocation available.

  • Security certifications such as GCIA, GCIH, or CISSP are preferred but not required.

ABOVE AND BEYOND

  • Experience with Splunk and other SIEM platforms, Enterprise Intrusion Prevention Systems, Endpoint Detection tools, and other security products

  • Experience supporting incident investigations in a large and complex environment

  • Experience working in a 24/7 SOC environment

WHAT WE NEED FROM YOU TO APPLY

  • Current resume

  • Github link or previous project portfolio (optional)

Job Family Group Name:

Sales

Scheduled Weekly Hours:
40

Blackberry Limited, Dallas, TX
