Cyber Defense Analyst

About The Position

Requirements

• Bachelor's Degree in Computer Science or a related 4-year technical degree (or 3-6 years of relevant IT experience)
• 2-4 years of IT Security experience
• Core Technical: Intrusion Detection, Netflow Analysis, Log Analysis, Rule/Signature/Content Development, Programming or scripting experience required.
• General: Must exhibit understanding and application of the principles of Network Security Monitoring (NSM). Ability to analyze log data, netflow data, alert data, network traffic and other data sources to validate security events. Ability to create signatures and detection content in IDS, SIEM and Log analysis platforms. Ability to consume, comprehend, utilize and create indicators of compromise. Ability to tune detection tools for accuracy. Execute on intelligence-driven detection capabilities. Perform daily analysis of detection reports and alerts. Maintain tools, scripts and applications for detection and automation capabilities. Identify opportunities for capability and efficiency improvements. Ability to conduct network and host analysis of compromised and baseline systems to identify anomalies. Exhibit understanding of tools, tactics and procedures (TTP) of malicious actors such as hacktivist groups, cybercrime organizations and advanced persistent threats. Identify and report on detection trends. Comprehensive knowledge of common networking protocols: HTTP, DNS, DHCP, SMTP, NTP, SSH, FTP.

Nice To Haves

• General Info Security: Intelligence-Driven Detection, Security Principles, Threat Lifecycle Management, Incident Management & Lifecycle, Platform Analysis, Forensics & Investigations, NSM, DFIR
• Cyber SOC Process Management: Overall Process Design & SOC Threat Management, Teamwork, Collaboration and independent contributions
• Malware Analysis experience preferred.

Responsibilities

• Complete Cyber Monitoring and Incident Response Operations Playbook/Checklist activities including, but not limited to: log review, vulnerability management activities, management report scheduling & running, alert analysis, filter modifications & escalation follow up activity status (35%)
• Develop, tune, and maintain tools to automate analysis capabilities for network-based, host-based and log-based security event analysis. Create signatures, rulesets, and content analysis definitions from various intelligence sources for a variety of security detection capabilities (25%)
• Organize and maintain documentation of detection capabilities, alert definitions, policy configurations, and tool rulesets. (10%)
• Maintain adherence to Corporate Security Operations Center standards, policies & procedures (10%)
• Remain up-to-date on the latest security information in order to validate the security analysis & identification capabilities of the security operations technologies (10%)
• Participate in efforts to analyze & define security filters & rules for a variety of security parameters (10%)

Benefits

• Annual Bonus for eligible positions: 10%
• 401(k) match and annual company contribution
• Medical, dental and vision insurance
• Life and disability insurance
• Generous paid time off options, including vacation, sick time, floating and fixed holidays, maternity leave and bonding/primary caregiver leave or parental leave
• Employee Assistance Program and resources for mental and emotional support
• Wellbeing programs such as tuition reimbursement, adoption and surrogacy assistance and fitness reimbursement
• Referral bonus program