
Overview
Harmonia Holdings Group, LLC is an award-winning, rapidly growing federal government contractor committed to providing innovative, high-performing solutions to our government clients and fostering a workplace that encourages growth, initiative, creativity, and employee satisfaction.
Position Title: Cybersecurity Alerts Analyst
Location: Remote
Terms: Full-time
Clearance: Public Trust
Position Description
We have an opening for a full-time Cybersecurity Alerts Analyst to join our talented, dynamic team. As a Cybersecurity Alerts Analyst, you will play a critical role in supporting the mission of the Department of Veterans Affairs (VA) by monitoring key cybersecurity systems for intrusions and vulnerabilities across VA's application environments. Veterans are encouraged to apply.
Responsibilities
For a Cybersecurity Alerts Analyst, the duties related to Palo Alto's Prisma Cloud tools are focused on triage, investigation, and response for cloud-native security events. This role centers on the unique risks of the cloud.
Review and triage alerts generated by Prisma Cloud as the first line of defense and determine whether each alert is a true positive or a false positive.
Use Prisma Cloud's features to enrich alerts with critical context: examine the affected asset (e.g., a container, serverless function, or virtual machine), its environment (production vs. development), its network exposure, and any associated user or service identities to quickly determine severity and business impact.
Prioritize the most critical alerts using Prisma Cloud's risk scoring and attack path analysis, focusing on incidents that show a clear path to sensitive data or a known exploitable vulnerability, rather than simply responding to every low-severity misconfiguration.
Perform a deeper investigation of true positive alerts, pivoting from the alert to review associated logs, network traffic, and forensic data within Prisma Cloud's dashboard.
Proactively use Prisma Cloud's tools to hunt for potential threats that haven't triggered an alert, such as anomalous activity, suspicious network connections, or unauthorized changes to cloud configurations.
Identify the root cause of incidents (e.g., why a vulnerable container was allowed into production or why a user has overly permissive access).
Work with security orchestration, automation, and response (SOAR) playbooks, often integrated with Prisma Cloud, to trigger automated response actions. This could involve automated processes to disable a compromised user account or apply a "virtual patch" to a host to prevent an exploit.
Provide the technical team with specific, actionable remediation steps where automation isn’t possible.
Document the investigation and provide clear, concise communication to stakeholders, escalating high-priority incidents to senior analysts or incident response teams with all necessary context.
Fine-tune Prisma Cloud policies to reduce alert fatigue if false positives persist, and collaborate with senior engineers or DevOps to adjust policies or exclude specific resources.
Create new detection rules based on emerging threats or new compliance requirements using Prisma Cloud's policy-as-code capabilities.
Requirements
Bachelor's Degree or higher; equivalent experience may be considered in lieu of a degree.
3 years' experience with a SIEM tool, or 5 years without a degree. (Examples: Splunk, Exabeam, SentinelOne, QRadar, Sumo Logic, etc.)
Desired
XSIAM and Prisma Cloud experience a plus.
Experience with Agile project management methods and frameworks such as SCRUM.
Exceptional written and verbal communication skills.
Strong planning, organizational, and time management skills.
Exceptional analytical and conceptual thinking skills.
Strong leadership skills and ability to work collaboratively with a team of peers.
Additional Information
We are recognized for our outstanding work culture and innovative work.