Security Analyst (Incident Response)
Seeking a Security Analyst to join our IT team at our corporate headquarters in Chicago, IL. As a key member of the Security Operations team, you will support our production environment, protecting it from the latest information security threats. You will be responsible for executing documented cyber threat management processes with a focus on real-time security event analysis to protect the organization's electronic assets. Utilizing your experience as part of a security incident response and security engineering team, as well as your initiative, drive, and creativity, you will research the latest security threats and vulnerabilities in order to identify weaknesses and exposures.
WHO YOU ARE
· Knowledgeable. You have a broad-based familiarity with Security Operations, including 2 years of experience as an Incident Responder. More specifically, your background includes at least 1 year of Splunk experience writing searches, and familiarity with malware analysis processes, digital forensics and incident response (DFIR), and threat hunting methodologies. A solid networking background is also important.
· A Problem Solver. You are a creative thinker who focuses on the problem as stated and gathers information and knowledge to achieve an appropriate solution. Your skillfulness in this area helps you determine how to quickly assess security incidents.
· A Strong Communicator. Your writing and speaking skills are clear, articulate, and effective, demonstrating your ability to interact with and be understood by all levels and various teams across the organization. In addition, you’re skilled in communicating in a non-technical manner with everyone from end users to senior management and also in a technical manner to other IT professionals.
· Organized, Efficient, and Accountable. You have a keen eye for detail and pride yourself on delivering quality work. You multitask well, re-prioritize accordingly, and meet deadlines consistently. Above all, you are flexible and able to juggle the needs of changing priorities of the business, even if that means an occasional after-hours project.
· Passionate. Motivated. Eager to Learn. You are resourceful, ask smart questions, challenge the status quo, and regularly seek to understand. You’re willing to learn a range of business and/or technical specialties, based on organizational needs. And when a special project arises, you volunteer!
· Trustworthy and Discerning. The ability to work with confidential information, while using discretion, is crucial to this position.
WHAT YOU’LL DO
· Document and investigate security incidents in accordance with the security incident response policy.
· Execute daily incident response processes and checklists.
· Manage the incident response lifecycle.
· Create actionable items out of threat intelligence feeds.
· Participate in red team / blue team exercises.
· Perform research and data analysis of possible security events to proactively identify and communicate status.
· Resolve service impacting events to restore service as quickly as possible and provide root cause analysis to address future situations.
· Support the team on high priority and high visibility security issues.
· Ensure platform accessibility, software revisions, and best practices are maintained.
· Prepare ad-hoc analysis and reports as needed.
· Provide weekend and after-hours support as required; at times, this position will require 24/7 availability to support operations, based on business needs.
· Perform other duties and participate in special projects as needed.
WHAT YOU’LL NEED
· 2+ years of experience as part of a security incident response and security engineering team
· Bachelor’s Degree in Computer Science, related area or equivalent experience
· At least 1 year of Splunk experience writing searches
· Familiarity with malware analysis processes; threat intelligence activities, including the collection of IOCs and tracking of threat actors; digital forensics and incident response; and threat hunting methodologies
· Experience with Sourcefire IPS/IDS systems, Symantec DLP Solution and Bluecoat Web Filtering and SSL decryption technologies
· 1-3 years of experience with IP addressing and subnetting, routing protocols, VPN concepts, VLAN configuration and concepts, and L2/L3 switching technologies
· Solid understanding of DMZ architectures
· Good layer 2 to layer 7 troubleshooting experience
· Exposure to major system applications and databases, Unix and Windows experience a plus
· Good understanding of VMware Infrastructures; Windows Server and Desktop knowledge
· Must demonstrate strong analytical and problem solving skills, as well as proven project management and organizational skills — specifically managing multiple concurrent projects
· Process oriented, with the ability to clarify objectives, evaluate options, consider implications, assess risks, and make key decisions
· Ability to convey network concepts and issues to both technical and non-technical audiences
· Demonstrated ability to write with clarity and accuracy, consistently delivering conscientious, thorough, and accurate analysis
· Extremely detail oriented and well-organized, with an exceptional ability to plan work effectively and multi-task as appropriate
· Team player that demonstrates flexibility and the ability to integrate and work well with others