Threat Response Analyst

Intelisecure, Greenwood Village, CO 80111

Posted 2 days ago

MISSION STATEMENT

Make the digital world a safer place to capitalize on ideas and share information.

POSITION SUMMARY

The Threat Response Analyst (TRA) will be responsible for acknowledging and researching ALL Security Incident Event Management (SIEM), User and Entity Behavior Analytics (UEBA) and Cloud Access Security Broker (CASB) alarms during their shift.

They will perform historical correlation analysis on incidents and events generated inside the environments. They will also be responsible for following case development and escalation workflows when activity needs to be escalated to the client, and for providing tuning recommendations to the Client Service Manager.

Ensure all tasks performed adhere to the firm's ISO 27001 Information Security Management System (ISMS). This includes participation in annual information and network security training and acceptance of spot checks on an ad hoc basis to guarantee that InteliSecure is constantly improving upon the organization's ISMS. Each member of our team must understand the importance of the ISMS and the subsequent handling of client data.

DUTIES & ESSENTIAL JOB FUNCTIONS:

  • The Threat Response Analyst will be responsible for acknowledging and researching ALL Security Incident Event Management (SIEM), User and Entity Behavior Analytics (UEBA) and Cloud Access Security Broker (CASB) alarms during their shift.

  • The Threat Response Analyst will be responsible for following case development and escalation workflows when an alarm needs to be escalated to the client.

  • The Threat Response Analyst will be responsible for performing historical correlation analysis on incidents and events generated inside the environments. They will also be responsible for following case development and escalation workflows when notable activity needs to be escalated to the client.

  • The Threat Response Analyst will be responsible for providing rule and alarm tuning recommendations to the SIEM engineering team while also notifying the Client Service Manager.

OTHER FUNCTIONS AND RESPONSIBILITIES:

  • Perform other duties as assigned

QUALIFICATIONS:

  • Knowledge of SIEM technology and functions of some security tools (IDS/IPS, Firewalls, etc.)

  • Experience interpreting, tuning, searching and manipulating data within SIEM, UEBA, CASB or other related security tools

  • Knowledge of log formats and ability to aggregate and parse log data (syslog, HTTP logs, DB logs) for investigation purposes

  • Bachelor's degree in Information Technology, Information Security/Assurance, Engineering or a related field of study; or at least two years of related experience and/or training; or an equivalent combination of education and experience preferred.

  • Associate's degree or equivalent from a two-year college or technical school in Information Technology, Information Security/Assurance, Engineering or a related field of study; at least 2 years of related experience and/or training; or an equivalent combination of education and experience required.

  • Experience utilizing the Cyber Kill Chain, Diamond Model or other appropriate models

  • Experience in gathering and managing threat intelligence

  • Ability to present a recommended remediation strategy to client in professional format

  • Knowledgeable and experienced using basic regular expressions

  • Ability to fully utilize MS Office products required

HIGHLY PREFERRED:

  • Linux administration experience

  • Windows administration experience

  • Shell scripting experience (e.g. BASH, CSH, KSH)

  • Experience using open source tools such as Remnux, Kali, VirusTotal, IPVoid, TCPdump, MetaSploit, Wireshark, etc.

  • Certification: Security+, Network+, CEH or equivalent certification is desired but not required.

This list of duties and responsibilities is not intended to be all-inclusive and may be expanded to include other duties or responsibilities that management may deem necessary from time to time.

InteliSecure provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training.

