Job Description:

• Ability to technically interpret security events from: firewalls, endpoint protection, intrusion prevention/detection systems, security information and event management (SIEM), proxies, advanced persistent threats, email systems, servers (physical and virtual), databases and packets
• Ability to interpret common attacks and exploits including but not limited to: Denial of Service, Domain Name System attacks, malware infections, exploit kits, drive-by compromises, spear phishing, and/or zero days
• Ability to analyze and reverse engineer malware packages to assess threats and indicators of compromise
• Ability to create, correlate and modify advanced SIEM use-cases to trigger notifications on all severity levels of incidents
• Ability to develop, analyze and interpret the programming of malicious code
• Ability to demonstrate mastery of Tier 1 and Tier 2 Security Operations Center (SOC) Analyst responsibilities
• Ability to reliably monitor and analyze specified data sources and incidents
• Must have technical experience and knowledge of network and systems administration
• Ability to consistently follow incident monitoring processes and procedures
• Ability to document and communicate incident status updates for non-technical personnel
• Ability to create consistent and complete incident reports
• Responsible for monitoring escalated event alerts
• Ability to work well under pressure and be able to think outside of the box

Requirements:

• Minimum 2 (two) years of incident handling, security architecture, malware analysis, or similar experience is preferred
• Candidate is preferred to have at least one of the following certifications (should be current): Security+, GSEC, GCIA, GCIH, CISSP or equivalent, but this is not required
  o A college graduate with a computer science, computer engineering, or forensics degree may be considered.
• Valid security clearance is preferred but not required