Senior Security Systems Analyst/Incident Responder
Location : Chicago, IL
Job Type : Direct
Hours : Full Time
Required Years of Experience : 3+
Required Education : Bachelor's
Travel : No
Relocation : No
Job Description :
WHO YOU ARE
- Knowledgeable. You have a broad-based familiarity with Security Operations with 3 to 5 years of experience as an Incident Responder. More specifically, your background includes at least 2 years of Splunk experience writing searches, familiarity with malware analysis processes, Digital Forensics Incident Response and threat hunting methodologies. A solid network background is also important.
- A Problem Solver. You are a creative thinker who focuses on the problem as stated and gathers information and knowledge to achieve an appropriate solution. Your skillfulness in this area helps you determine how to quickly assess security incidents.
- A Strong Communicator. Your writing and speaking skills are clear, articulate, and effective, demonstrating your ability to interact with and be understood by all levels and various teams across the organization. In addition, you’re skilled in communicating in a non-technical manner with everyone from end users to senior management and also in a technical manner to other IT professionals.
- Organized, Efficient, and Accountable. You have a keen eye for detail and pride yourself on delivering quality work. You multitask well, re-prioritize accordingly, and meet deadlines consistently. Above all, you are flexible and able to juggle the needs of changing priorities of the business, even if that means an occasional after-hours project.
- Passionate. Motivated. Eager to Learn. You are resourceful, ask smart questions, challenge the status quo, and regularly seek to understand. You’re willing to learn a range of business and/or technical specialties, based on organizational needs. And when a special project arises, you volunteer!
- Trustworthy and Discerning. The ability to work with confidential information, while using discretion, is crucial to this position.
WHAT YOU’LL DO
- Document and investigate security incidents in accordance with the security incident response policy.
- Architect Checkpoint firewall changes, manage Sourcefire IPS/IDS and BlueCoat technologies.
- Lead the vulnerability management program.
- Create actionable items out of threat intelligence feeds.
- Coordinate red team/blue team exercises.
- Perform research and data analysis of possible security events to proactively identify and communicate status.
- Resolve service impacting events to restore service as quickly as possible and provide root cause analysis to address future situations.
- Resolve fault conditions on security systems.
- Support the team on high priority and high visibility security issues.
- Mentor other Security Engineers and train peers on platform enhancements and technology changes.
- Ensure platform accessibility, software revisions, and best practices are maintained.
- Prepare ad-hoc analysis and reports as needed.
- Provide weekend and after-hours support as required; at times, this position will require 24/7 availability to support operations, based on business needs.
- Perform other duties and participate in special projects as needed.
- Ability and willingness to learn quickly. Self-motivated to succeed, with capacity to assume increasing responsibility.
- Proven project management and organizational skills, managing multiple concurrent tasks and/or projects.
- Extremely detail oriented and well-organized, with an exceptional ability to plan work effectively and multi-task as appropriate. Consistently delivers conscientious, thorough, and accurate analysis.
- Adaptable to changing priorities in a fast-paced environment, without sacrificing quality of work product.
- Strong communication skills; able to speak and write in a clear and articulate manner to convey network concepts and issues to end users and senior management on a non-technical level, while dealing with other IT professionals on a technical level.
- Must demonstrate strong analytical and problem-solving skills.
- Process oriented, with the ability to clarify objectives, evaluate options, consider implications, assess risks, and make key decisions.
- Team player that demonstrates flexibility and the ability to integrate and work well with others.
Required Qualifications :
- 5+ years of work experience in IP addressing and subnetting, routing protocols, VPN concepts (Checkpoint experience preferred), VLAN configuration and concepts, and L2/L3 switching technologies. 3+ years of experience as an Incident Responder and in Security Operations.
- 3+ years of experience designing and maintaining firewall policies in Checkpoint Provider-1 and Checkpoint R75 or higher on Linux or Unix based platforms preferred.
- Bachelor's degree, preferably with an emphasis in computer science or information systems, or equivalent experience. Platform certifications, CCSP, CCSE, CCISP are a plus!
- Have a demonstrated technical problem determination ability; exceptional system implementation, installation, and disaster recovery planning experience; and ongoing hands-on administration knowledge.
- Good understanding and working knowledge of routing protocols.
- Experience maintaining highly available and highly secure networks.
- Familiar with malware analysis processes and threat intelligence activities, including the collection of IOCs and tracking threat actors.
- Experience with Sourcefire IPS/IDS systems, Symantec DLP Solution and Bluecoat Web Filtering and SSL decryption technologies.
- Must possess expert level knowledge with DMZ architectures.
- Well-versed in layer 2 to layer 7 troubleshooting.
- Exposure to major system applications and databases; Unix and Windows experience a plus!
- Excellent understanding of VMware infrastructure.