Cyber Defense Operations Center Analyst III

About The Position

Requirements

• At least 6 years of direct, operational experience in comparable information security or technology teams.
• Operational experience configuring and managing a Security Information and Event Management (SIEM) platform.
• Experience responding to crises, incidents, and investigations.
• Demonstrated experience performing threat analysis and managing security-monitoring toolsets.
• Operational experience working in a regulated environment (e.g., classified networks, healthcare, finance, banking, etc.).
• Exceptional attention to detail executing and developing procedures in security operations center environments.
• Strong understanding of networking and communication protocols (such as TCP/IP, UDP, SSL/TLS, IPSEC, HTTP/S, etc.).
• Strong background in Windows Server and Linux administration.
• Strong verbal and written communication skills.
• Ability to collaborate with internal and external key stakeholders.

Nice To Haves

• Experience with Vulnerability Management toolsets.
• Operational experience monitoring cloud computing (e.g., AWS, Azure, etc.) and SaaS environments.
• Understanding of governance, risk, and compliance (GRC) activities and providing documentation for audit investigations.
• At least one of the following:Systems Security Certified Practitioner (SSCP)Certified Information Systems Security Professional (CISSP)Certified Ethical Hacker (CEH)Certified Hacking Forensic Investigator (CHFI)GIAC Certified Detection Analyst (GCDA)Offensive Security Certified Professional (OSCP)

Responsibilities

• Evaluates events, detects threats and anomalies in the environment, and reacts to potential incidents utilizing incident response playbooks. Also performs incident analysis, investigation and response. Conducts penetration tests in support of risk assessment/analysis activities.
• Performs daily defensive operational activities; develops and maintains CDOC documentation and runbooks; conducts enterprise-wide threat hunting.
• Carries out CDOC efforts during incident and breach responses; facilitates cross-organizational collaboration in a dynamic team environment in response to security incidents.
• Responds to alerts and notifications from the MSSP; processes tickets to and from the MSSP and ensures they are resolved in a timely manner.
• Tunes CDOC toolsets and automation engines.
• Collaborates with other InfoSec and IT teams to ensure that alerts and events are received and processed by the CDOC.
• Participates in the InfoSec on-call schedule and escalation process.
• Applies cybersecurity subject-matter expertise in evaluating business operations and processes. Identifies areas where technical security solutions would improve business performance. Consults across business operations, providing mentorship, and contributing specialized knowledge. Ensures that the facts and details are correct so that the project’s/program's deliverables meets the needs of the department, and organizational policies, standards, and best practices. Provides training, recommends process improvements, and mentors junior level staff, department interns, etc. as needed.
• Performs other duties as assigned.

Benefits

• Paid Time Off (PTO)
• Tuition Reimbursement
• Retirement Plans
• Medical, Dental and Vision
• Wellness Program
• Volunteer Time Off (VTO)