Senior Cyber Security Ops Analyst
Applicants Need To Know
- 6+ Month Contract
- Work Status: USC, GC
- Sponsorship: No, Sponsorship provided.
- Office Type: Remote
- Location: Eastern OR Central time zones
- Hourly Rate: $75 to $85 W2 Only
- No Corp-to-Corp
Please note that only candidates who are authorized to work in the United States without sponsorship will be considered for this position.
We seek a Senior Cyber Security Ops Analyst for our client. This is a contract position lasting 6+ months. The role is remote and requires availability in the Eastern or Central time zones.
As a Sr Cyber Security Ops Analyst, you will be responsible for security monitoring and incident response for both internal and external threats. You will collaborate with internal IT teams and MSSP to ensure effective security monitoring and response. Additionally, you will implement advanced security monitoring techniques to identify malicious behavior and develop automation response scripts to remediate commodity threats. Your role will also involve performing threat analysis utilizing industry standard frameworks and conducting threat research to improve detection and response capabilities. You will have the opportunity to propose and review security plans and policies to enhance the overall security environment.
The Work:
- Conduct investigations and respond to internal and external security threats.
- Oversee, respond to, and remediate DLP (data loss prevention) and SIEM events from on-premise and cloud systems.
- Implement advanced security monitoring techniques to identify malicious behavior on SaaS, cloud systems, network, servers, and endpoints.
- Manage, administer, and improve security monitoring products for DLP, SIEM, EDR, AV, Cloud Security products, IDS, and other industry-standard security technologies.
- Develop automation response scripts to remediate commodity threats.
- Perform threat hunting activities to identify compromised resources.
- Understand and perform threat analysis utilizing industry-standard frameworks (kill chain and diamond model).
- Perform threat research and intelligence gathering to improve detection and response capabilities.
- Propose and review security plans and policies to improve the security environment.
- Maintain operational playbooks, process diagrams, and documentation for security monitoring and response.
- Review proposed Security deployments to ensure security monitoring requirements are met.
- Provide off-hour support as needed for security monitoring and response activities.
- Work closely with MSSP services, external forensic providers, and in-house IT teams to respond to and remediate security incidents both internal and external.
- Review compromised systems to identify the root cause of security incidents.
Qualifications:
- Minimum of 5 years of experience in security monitoring and incident response
- Strong knowledge of DLP (data loss prevention) and SIEM events
- Experience with advanced security monitoring techniques on SaaS, cloud systems, network, servers, and endpoints
- Proficiency in managing and administering security monitoring products for DLP, SIEM, EDR, AV, Cloud Security products, IDS, and other industry standard security technologies
- Ability to develop automation response scripts for commodity threats
- Familiarity with threat hunting activities to identify compromised resources
- Understanding of threat analysis utilizing industry standard frameworks (kill chain and diamond model)
- Experience in threat research and intelligence gathering to improve detection and response capabilities
- Knowledge of reviewing security plans and policies to enhance the security environment
- Strong documentation skills for operational playbooks, process diagrams, and security monitoring/response documentation
- Ability to review proposed Security deployments to ensure compliance with security monitoring requirements
- Willingness to provide off-hour support for security monitoring and response activities
Nice to Have:
- Experience with cloud security technologies such as CASB, Cloud Access Security Brokers
- Knowledge of scripting languages such as Python or PowerShell
- Familiarity with industry compliance standards (e.g., PCI DSS, HIPAA, GDPR)
- Certifications in relevant areas such as CISSP, CISM, or CEH
- Experience working with incident response tools and processes
#CyberSecurity #SecurityOps #IncidentResponse #ThreatAnalysis #SecurityMonitoring #DataLossPrevention #SIEMEvents #CloudSecurity #EndpointSecurity #ITSecurity