The Security Operations Lead Analyst will be a part of the Information Security team, focusing on the operational aspects of our security work, and will have a strong technical background. As a key participant within the security team, he/she will share in the responsibilities of maintaining security systems and conducting security operations at the infrastructure and application level.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Use and troubleshoot endpoint and network security tools and appliances, including firewalls, IDS/IPS, and other cloud-based security appliances.
Analyze system vulnerability scans, penetration tests and risk assessments, and work with business units to resolve identified vulnerabilities within established SLAs.
Review threat feeds/intel and translate them into operational tasks.
Work with the messaging team on mitigating phishing attacks.
Review security logs and tune the security information and event management (SIEM) tool.
Assist with managing various components of security operations.
Identify, report, and provide assistance during information security incidents as part of an Incident Response Team. Review and respond to security alerts to investigate malicious activity.
Document the technical details of legitimate incidents in the applicable tracking and ticketing systems and direct the applicable personnel to perform the actions necessary for remediation.
Participate in a 24x365 "On-Call" security incident response team.
Assist with internal and external information security assessments and reviews.
Analyze web-based application security vulnerabilities using both enterprise-grade and manual testing tools.
Assist in managing data loss prevention systems.
Assist with analysis, maintenance, design and infrastructure.
Work closely with cross-functional teams and develop strong liaison relationships.
Develop processing standards, procedures, and automation for use by IT staff in a constantly growing and evolving environment.
Respond to alerts from enterprise monitoring across all systems managed by the team and provide daily operational status.
Assist in updating disaster recovery plans and testing continuity of operations.
Deliver weekly reports to the supervisor.
Keep current on technological trends and developments in the area of information security.
INFLUENCE, IMPACT, INTERACTION:
The individual will interact heavily with the service desk and messaging teams, in addition to our security vendors.
Primary impact will be the proactive protection against and prevention of security incidents and the continuous improvement of security posture.
EDUCATION AND EXPERIENCE:
Bachelor's degree required. Master's or specialization in Information Security/Risk Management preferred.
At least some of these certifications are highly desirable: CISSP, CISA, CISM.
Solid understanding of IT processes and frameworks, and experience working in IT.
Minimum of 10 years of IT experience.
Minimum of 5 years of experience in information security and risk management required.
QUALIFICATIONS AND SKILLS:
Prior hands-on experience with the following technologies: FireEye, Bitsight, Tenable, ForcePoint, Phishlabs, Azure Security Center, CASB, SASE.
Knowledge and understanding of security engineering principles.
Soft skills, including the ability to speak and present to management and to translate technical terminology for a non-technical audience.