Information Security Analyst (Remote)
Freenome
·
Posted:
May 19, 2023
·
Remote
About the position
The Information Security Analyst at Freenome will be responsible for identifying and reducing security risks in the company's office network and GCP cloud environment. This role investigates, analyzes, and responds to cyber incidents within the Freenome's local and cloud network, or enclave. The ideal candidate will have at least 3 years' hands-on experience in SIEM tools implementing, operating, maintaining, and incident management in mission critical environments, as well as excellent Google Cloud Platform knowledge. Industry Certifications such as CISSP, CCSP, CCAK, CCSK, CISM, GCIH, GCIA, GSEC (Cloud security certification preferred) are also required.
Responsibilities
- Engineer, implement, and administer the SIEM platform, open-source or commercial
- Analyze, design, build, tune, and support SIEM use cases across various business functions and security operational needs
- Create, modify, and tune the SIEM rules to adjust the specifications of alerts and incidents
- Develop log ingestion, aggregation, and retention strategies to meet policy, related standards, and operational requirements
- Assist with onboarding new data sources into our SIEM, analyze the data for anomalies and trends, and build dashboards highlighting the key trends of the data
- Analyze and investigate security events from various sources
- Triage and validate security alerts and escalate incidents, as required. Ensure that incidents are correctly reported, documented, investigated and concluded in accordance with operational policies and procedures
- Manage security events as part of security operations, responding to urgent alerts, which may include off-hours investigation activities
- Troubleshoot system misconfigurations and recommend best practices for remediation
- Provide high quality written and verbal status reports, briefings, recommendations, and findings as required
- Maintain and support the operational integrity of SIEM/SOC toolsets
- Helping to develop the SOC (Security Operation Center) roadmap by delivering SOC capabilities to the business and championing new ideas and initiatives to help improve new and existing capabilities
- Ensure all relevant technical standards and policy documentation is reviewed and maintained throughout SOC technical capabilities
- Maintain situational awareness of emerging cyber trends by reviewing open-source reports for recent vulnerabilities and other threats that have the potential to impact the services and incorporate this understanding into day-to-day security monitoring
- Excellent knowledge of Endpoint protection
- Good understanding of vulnerability assessment and management
- Update SIEM/SOC documentation, processes and procedures and ensure currency, as required
- Provide ideas and feedback to improve the overall SOC capabilities and maturity
- Perform all other Information Security related duties as assigned and contribute to the success of the Information Security Team
Requirements
- Bachelor's degree in Information Security, computer science, business, or a related field, or equivalent in experience and expertise
- At least 3 years' hands-on experience in SIEM tools implementing, operating, maintaining, and incident management in mission critical environments
- Industry Certifications such as CISSP, CCSP, CCAK, CCSK, CISM, GCIH, GCIA, GSEC (Cloud security certification preferred)
- Hands-on experience in vulnerability assessment, red- and blue-teaming, IDS/IPS, SIEM and endpoint protection
- Excellent Google Cloud Platform knowledge
- Well organized with good time management with strong attention to detail
- Excellent analytical, interpersonal and communication skills both oral and written
- Ability to convey and explain complex technical information to non-technical staff
- A systematic problem-solving approach, coupled with effective communication skills and a sense of ownership and drive
- Genomics or bioinformatics background (nice to have)