
Senior Cybersecurity Operations Analyst
eTeam, Newark, NJ, United States
Job Title:
Senior Cybersecurity Operations Analyst
Location:
Newark, NJ
Duration:
6 months
Pay Range:
$75.00 – $85.00/hr on W2, all-inclusive, without benefits
Overview:
The role actively and continuously searches for malicious internal and external threats as a Tier‑3 analyst and works with the other Cybersecurity Analysts to ensure 24/7/365 Cyber Security Operations Center (CSOC) support. This role also functions as the Incident Coordinator for complex cybersecurity incidents and as a subject matter expert on cybersecurity technologies and concepts.
Job Description:
Responsibilities
Act as the incident coordinator by leading incident response actions for active cybersecurity incidents, including third‑party incidents; provide updates to leadership; and follow through until the incident is satisfactorily resolved.
Provide technical and thought leadership within the CSOC by regularly teaching other SOC Analysts both traditional and unconventional ways to detect, analyze, and mitigate security incidents and other anomalies. Recommend and implement new CSOC practices and approaches (such as automation) to drive program improvements.
Conduct in-depth investigations of complex incidents efficiently in order to neutralize the threat.
Design, implement, and optimize a proactive/predictive Insider Threat Program leveraging statistical analysis and machine learning (UEBA).
Research and develop new statistical and behavioral detection capabilities for identifying Advanced Persistent Threats (APTs) in support of the CSOC strategies.
Review current tooling to identify gaps and incremental monitoring opportunities. Communicate needs to engineering teams that support CSOC. Assess new security technologies to determine potential value for the enterprise.
Create and maintain standard operating procedures for key CSOC functions, including step‑by‑step guides to the technologies used by analysts.
Adhere to established Service Level Agreements (SLAs) and operational KPIs. Depending on the severity of an incident, this role may be called on to work extended hours as needed.
Education / Experience
High School Diploma or GED required.
Bachelor's degree in information security, computer science, or a related technical discipline preferred, or relevant experience in lieu of a degree.
Requires a minimum of 8 years of cybersecurity‑related work experience, including a minimum of 3 years of prior experience detecting and responding to cybersecurity incidents using Splunk or a similar SIEM platform.
Experience in the healthcare and/or financial services industries is strongly preferred.
Additional Licensing, Certifications, Registrations
Management‑level security certifications such as CISSP, CISM, or similar highly preferred.
Certified in one or more of the following: SANS GIAC (GCIH, GCIA, GMON, GCED, GCDA, GPEN, etc.), CEH, or similar cybersecurity certification.
Splunk SIEM and/or Splunk SOAR certification highly preferred.
Knowledge, Skills, and Abilities
Requires an expert‑level understanding of IT security concepts, with a focus on advanced detections, digital forensics, and incident response.
Ability to perform malware analysis and reverse engineering, with a good understanding of Advanced Persistent Threats (APTs), cybercrime, botnets, and other adversary tools, tactics, techniques, and procedures (TTPs).
Technical knowledge of enterprise‑class network technologies such as firewalls, routers, switches, wireless access points, and VPNs, and of desktop and server operating systems (Windows and *nix). Demonstrated understanding of networking fundamentals, including subnetting, TCP/IP, and internet protocols such as SSL/TLS, DNS, HTTP, FTP, etc.
Thorough understanding of Microsoft's enterprise technology platform, including Azure, Active Directory, SQL Server, Office 365, and the Windows server and desktop operating systems.
Knowledge of four or more cybersecurity tool categories, such as endpoint, email, network, database, web, data loss prevention (DLP), behavior analytics, cloud, and access control.
Good understanding of AWS cloud security controls.
Advanced knowledge of Splunk Enterprise Security and Splunk SOAR, with the ability to perform Splunk/SOAR detection engineering.
Proficiency with Windows PowerShell or Python scripting.
Strong verbal and written communication skills, including the ability to provide technical thought leadership on security incident investigation calls with other technology teams, and the ability to translate complex technical concepts into plain English for consumption by non‑technical audiences.
Requires excellent interpersonal skills and the ability to work effectively with others as a team.