Under the general supervision of the SOC Team Lead, the Security Analyst I is expected to monitor security feeds streaming from client servers, network devices, and end user work stations, operate and maintain network security equipment on TruShield and client premises, and deploy new security detection and protection solutions at client locations.
The Security Analyst I will also be responsible for security incident response on client networks. The Security Analyst I will utilize the latest in network security technology while providing Computer Network Defense and Information Assurance (IA) support to TruShield’s internal network as well as various commercial and federal customers.
The Security Analyst I is expected to be familiar with a wide range of security tools and understand basic security fundamentals. The Security Analyst I will perform information security event analysis and must possess knowledge of operating systems, TCP/IP networking, network attacks, attack signatures, defense countermeasures, vulnerability management, and log analysis.
The Security Analyst I will also utilize vulnerability assessment software in support of customer requirements. Employees must be able to research, develop, and communicate solutions to detected security incidents in a timely manner.
Most of all, the Security Analyst I must be a self-motivated individual with a strong willingness to learn in a hands-on learning environment. Additionally, the Security Analyst I must be able to communicate effectively both orally and in writing.
- Monitor and analyze network traffic and alerts
- Investigate intrusion attempts and perform in-depth analysis of exploits
- Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident
- Conduct proactive threat research
- Review security events that are populated in a Security Information and Event Management (SIEM) system
- Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident
- Independently follow procedures to contain, analyze, and eradicate malicious activity
- Document all activities during an incident and provide leadership with status updates during the life cycle of the incident
- Back up the firewall, netWarden security appliance, and other security devices
- Incident management, response and reporting
- Provide information regarding intrusion events, security incidents, and other threat indications and warning information to the client
- Track trends, statistics, and key figures for each assigned client
- Assist with the development of processes and procedures to improve incident response times, analysis of incident, and overall SOC functions
- Daily shift change report
- Incident reports
- Security status reports
- Client-facing security meetings
- Pre-sales demonstrations as required
Desired Qualifications and Skills:
- One or more of the following certifications: CISSP, GCIA, Security+, CEH
- Incident Response
- Security Operations Center
- TCP/IP Networking
- Familiarity with common IDS/IPS platforms (Snort, Cisco, Fortigate, Sourcefire)
- Experience with Malware Analysis and Reverse Engineering
- Prior SOC experience (can include internships)
- Experience with packet analysis and packet capture tools
- Incident handling/response experience
- Experience with web technologies and databases
- Bachelor’s degree or equivalent
To apply for the position, please fill out the form and submit the required paperwork: