Are you an experienced Information Security Sr Analyst with a desire to excel? If so, then Talent Software Services may have the job for you! Our client is seeking an experienced Information Security Sr Analyst to work in Overland Park, Kansas.
Position Summary:
- The Information Security Analyst will support the Cyber Defense and Operations (CDO) programs including Security Operations Center (SOC), Incident Response (IR), threat monitoring, threat hunting, EDR management, and assist with cybersecurity assessment activities.
- In this role, the candidate will be responsible for monitoring, analyzing, and maintaining the security and integrity of networks and applications by ensuring system controls are properly deployed while adhering to security standards and industry best practices. The Information Security Analyst will have knowledge and experience with SIEM, Incident Response, event analysis, threat intelligence, EDR, and security operations.
Primary Responsibilities/Accountabilities:
- Responsible for the day-to-day operation and response to alerts, alert triage, and escalation from SIEM, IDS/IPS, EDR, email & web security, application, and network security devices.
- Proactively search for signs of malicious activities and potential security incidents.
- Investigate and resolve security events and incidents.
- Conduct forensic analysis of security breaches and incidents.
- Investigate and analyze the root cause of incidents and breaches.
- Analyze various data sources, such as SIEM logs, network traffic, and endpoint data to identify anomalies and indicators of compromise.
- Continuously review, test, and improve the Incident Response Plan (IRP).
- Document and maintain procedures related to Security Operations Center (SOC) and Incident Response & Operations.
- Monitor, triage, and respond to alerts from information security tools and escalate issues to senior management as needed.
- Provide oversight and governance over the coverage and quality of the log sources consumed by the SIEM (such as workstations, servers, cloud platforms, EDR, network devices, firewalls, secure mail gateways, and applications).
- Maintain up-to-date knowledge of emerging threats and vulnerabilities.
- Generate technical and executive metrics for visibility and continuous improvement for the Security Operations Center (SOC) and Incident Response & Operations Programs.
- Coordinate and participate in risk assessment efforts and assist with remediation of findings.
- Identify security risks and exposures; determine the root causes of security incidents and recommend the plan of action to improve the security posture.
- Monitor trending TTPs to prepare for future breach attempts.
- Analyze and remediate EDR related incidents and gaps.
- Support and manage security tools by continuously tuning and optimizing capabilities.
- Collaborate with other teams to learn from every incident and harden preventions to "never experience the same problem twice".
- Perform other duties as assigned.
Qualifications:
- Bachelor's degree in information security or equivalent work experience
- 4+ years of Information Security experience.
- 3+ years of experience responding to cybersecurity events and incidents.
- Knowledge of security technologies and tools (e.g., SIEM, IDS/IPS, EDR).
- Ability to communicate and work effectively with others, harness different skills and experience, and build a strong sense of team spirit, even when escalating critical incidents to IT stakeholders with conflicting schedules.
- Action and results-oriented with the ability to overcome obstacles and able to work well under deadlines in a changing environment.
- Strong speaking and writing skills with ability to effectively communicate to both engineers and senior leadership.
- Strong understanding of current threats and trends present in the cybersecurity and OT field.
- Highly motivated individual with the ability to self-start, prioritize, multi-task, and a "can-do" attitude.
- Knowledge of security and privacy frameworks such as Cyber Kill Chain, MITRE, NIST, ITIL, SANS, NERC CIP, CIS, CMMC, OWASP, etc.
- One or more certifications: Security+, GCIA, GCIH, CEH, CISSP