We are looking for a Security Analyst to join our client's growing IT organization, which is expanding into Azure cloud technology. The ideal candidate will have some hands-on information security experience, including triaging and resolving alerts as needed.
Duration: 6-month contract, likely extension
Location: Cary, NC. Starting remote; onsite will be required once Covid-19 restrictions are lifted. **Local Candidates Only**
The Security Analyst I is responsible for monitoring and detecting threats and cybersecurity attacks. The Security Analyst I works independently at times, as well as with other members of the Security Team, to analyze system and security events, threat and vulnerability advisories, and cyber threat intelligence in order to identify malicious activity and potential attacks, and alerts clients so they can prevent or respond to incidents.
Daily work includes monitoring network and system security events, conducting threat hunting through event data and activity logs, developing alarms for suspicious or malicious activity, escalating alerts to clients and preparing reports to summarize detected activities. The Security Analyst I executes and helps to create operational processes for consistent monitoring of client environments and should be familiar with varieties of security tools and technologies.
Monitor security events and escalate verified alerts according to procedures to activate incident response processes.
Analyze network traffic and the output of host and network discovery tools.
Assist in preparing deliverables, including reports, briefing presentations and recommendations, that communicate security information, event summaries, vulnerabilities and threats to clients on a routine and periodic basis, distilling technical findings into clear, actionable information.
Perform threat hunting activities in client networks through proactive analysis of log, network and system data to identify undetected threats.
Provide sound technical recommendations that enable remediation of security issues.
Identify and incorporate applicable indicators of compromise (IOCs) into network security tools.
Develop and refine SIEM correlation rules.
Apply threat models, SIEM use cases, and incident response playbooks.
Manage and safely operate vulnerability scanning tools; interpret and prioritize the results.
Essential Technical Experience, Knowledge and Skills:
Knowledgeable in network traffic analysis, threat detection, and advanced threat tactics, techniques and procedures (TTPs).
Knowledgeable of network and security architecture principles, firewall and IDS/IPS fundamentals, endpoint security systems and other security protective/detective systems.
Experience in cybersecurity event analysis, intrusion detection, security operations, and cloud computing.
Additional Background and Experience Requirements:
Holds an industry certification such as CISSP, CCNP, GCIH, GMON, GCIA, OSCP, CEH, CompTIA Network+, Security+ or another recognized credential.
Preferred Skills and Qualifications:
Computer Science or related 4-year degree.
Security tools (experience with or exposure to some of these is helpful):
Cisco security suite: Firepower, ASA, AMP, Orbital, Umbrella, Stealthwatch
Microsoft Cloud App Security
All things Azure
All things Office 365