About The Position

Trellix is a global company redefining the future of cybersecurity. The company’s comprehensive, open, and native cybersecurity platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through artificial intelligence, automation, and analytics to empower over 50,000 business and government customers with responsibly architected security. More at https://trellix.com.

The primary responsibility of this role is to ensure that security tools are operationally maintained, including Trellix SIEM, Trellix Application Control and Change Control (MACC), Endpoint Security (ENS) for Windows and Linux, ePolicy Orchestrator (ePO) DAT, endpoint deployment, package management, and vulnerability management tools (Nessus, Burp Suite). The role collaborates with Security Analysts and Security Architects to ensure that security is implemented properly and that new network and computing environments comply with NIST SP 800-53, NIST SP 800-171, and Trellix technology security standards; composes automated scripts in Terraform, Python or PowerShell and integrates them with AWS CLI, Ansible or TeamCity to automate security-related tasks; works with a dedicated System Operations team and other Trellix teams to improve security and awareness within the Trellix XDR GovCloud and Trellix Email Security GovCloud authorization boundary; works with other members of the Federal Security Operations Team to ensure that visibility and monitoring capabilities are available for root cause analysis of security events and for threat hunting exercises; and detects, enumerates and resolves system and application code vulnerabilities within the FedRAMP and IL5 boundaries.

Help investigate networks and hosts/endpoints for malicious activity, including analysis of event data, and support efforts to detect, confirm, contain, improve, and recover from attacks. Support response to global security incidents, including coordination and leadership during security incidents and malware outbreaks. Review network and system logging standards to determine compliance with CIS and DISA STIG security standards when onboarding new projects into the FedRAMP authorization boundary. Collect metrics and help prepare executive summaries on vulnerability remediation, product deployments, and control gap assessments. Contribute to overall Information Security processes, procedures, standards, architecture, and supporting documentation.

Requirements

  • Bachelor's degree in Computer Science, Information Security and Risk Management, Information Systems, or Engineering, or 5 years of equivalent work experience in a Security Operations capacity in NIST SP 800-53 or Risk Management Framework environments.
  • Must be a U.S. citizen residing on U.S. soil, to meet the AWS GovCloud FedRAMP High / Impact Level 4/5 security clearance requirements.
  • Minimum of 3 years of security operations experience hardening and maintaining the security tools listed under the primary responsibilities.
  • Able to write automated scripts in Terraform, Python or PowerShell and integrate them with AWS CLI and TeamCity to automate security-related tasks.
  • Any combination of the following professional certifications: CompTIA Security+, CompTIA CySA+, CompTIA PenTest+, ISACA CISA.
  • Experience working in an Amazon AWS environment with a three-tier architecture.
  • Experience with security projects associated with the NIST SP 800-53 (Moderate, High, and IL-4/5) control frameworks.
  • Experience with security incident response, threat mitigation, and containment practices.
  • Experience administering and managing Windows Server 2016 and Linux (Amazon Linux 2) operating systems.

Nice To Haves

  • Trellix SIEM, Application Control/Change Control, Endpoint Security, Email Security, and ePO deployment experience is preferred.
  • Experience with near-real-time monitoring, alerting, parsing, tuning, optimization, and troubleshooting.

Responsibilities

  • Ensure security tools are operationally maintained.
  • Collaborate with Security Analysts and Security Architects to ensure security implementation and compliance with NIST and Trellix standards.
  • Compose automated scripts in Terraform, Python, or PowerShell and integrate them with AWS CLI, Ansible, or TeamCity to automate security-related tasks.
  • Work with System Operations and other Trellix Teams to improve security and awareness within the Trellix XDR GovCloud and Trellix Email Security GovCloud authorization boundary of operations.
  • Work with the Federal Security Operations Team to ensure visibility and monitoring capabilities for root cause analysis and threat hunting.
  • Detect, enumerate, and resolve system and application code vulnerabilities within the FedRAMP and IL5 boundaries.
  • Assist with investigations of network and hosts/endpoints for malicious activity, including analysis of event data, and support efforts to detect, confirm, contain, improve, and recover from attacks.
  • Support response to global security incidents, including coordination and leadership during security incidents and malware outbreaks.
  • Review network and system logging standards to determine compliance with CIS and DISA STIG security standards when onboarding new projects into the FedRAMP authorization boundary.
  • Collect metrics and help prepare executive summaries on vulnerability remediation, product deployments, and control gap assessments.
  • Contribute to overall Information Security processes, procedures, standards, architecture, and supporting documentation.

Benefits

  • Retirement Plans
  • Medical, Dental and Vision Coverage
  • Paid Time Off
  • Paid Parental Leave
  • Support for Community Involvement
© 2024 Teal Labs, Inc