About The Position

The Security Analyst III performs third-tier incident response, analysis, as well as proactive research, data mining, baselining, and profiling to support development and refinement of Infrastructure, Architecture, SIEM, and other monitoring, alerting, and information management services.

Requirements

  • 3-5 years advanced network traffic flow configuration/debugging/troubleshooting experience in general LAN and WAN environments, to include SDWAN.
  • 3-4 years configuring and troubleshooting basic to advanced firewall installations, including IPsec terminations, UTM, identity-based policy controls, etc.
  • 3+ years advanced-level experience implementing perimeter firewalls, UTM platforms, and SIEM technologies.
  • 2-3 years’ experience with network security monitoring, event correlation, and traffic analysis technologies, with an emphasis on event detection.
  • A high level of motivation, including the ability to be a self-starter.
  • Experience authoring and/or editing technical documentation in a professional setting.
  • Exceptional communication skills (written and verbal) and experience in a customer-facing service role.
  • Familiarity with general information security policy frameworks, best-practice guidelines (e.g., ISO/IEC 27000 series, NIST 800 series, DoD 5200, ITIL, etc.) and an understanding of the application of these and other operating principles to production workflows.
  • Moderate or better proficiency with packet-level traffic analysis (Wireshark, tcpdump, etc.).
  • Ability to carry out troubleshooting and traffic analysis operations from one host to another, across arbitrary interconnecting networks/media, and through all intervening levels and scales of network architecture.
  • Familiarity with various log generation, delivery, and retention mechanisms, as well as common log data formats (syslog, CEF).
  • Familiarity with a wide range of common end-host and network infrastructure data security vulnerabilities, common exploits, bad actor behavior patterns, etc.
  • Ability to identify networks whose operation intersects with regulatory frameworks such as PCI-DSS, HIPAA, etc.
  • 4-6 years’ technical experience with 5+ years directly related to the job. College hours or a college degree may be substituted for some experience as deemed appropriate.

Nice To Haves

  • Inclination toward self-study and continuing education preferred.
  • Vendor-specific certifications (NSE4, NSE5, CCNA, CCNP, etc.).
  • Preference given to information-security-specific certifications (CISSP, GSEC/GCED, CEH, etc.) and a degree in a technical discipline.

Responsibilities

  • Provide a third (and last) tier escalation point for customer-impacting security event analysis and investigation, assisting other Analysts with prompt, effective resolution of issues.
  • Follow established identity assurance and access control procedures to guarantee the confidentiality and integrity of our customers’ sensitive data.
  • Maintain currency and fluency in news, events, technologies, platforms, tools, and concepts across all domains of Information Security, and of how these things impact Uniti, the CSOC, and its customers.
  • Develop and implement both reactive and proactive research activities, as well as tools and techniques, to leverage production-scale volumes of security event data to extend and refine existing SIEM content, network baselines, detection protocols, mitigation activities, and response methodologies.
  • Work in concert with CSOC’s Senior Engineer to assure that log collection, event correlation, attack detection, and mitigation/response tools, techniques, and methodologies are effectively and efficiently maintained and implemented and keep pace with the constantly evolving threat landscape.
  • Maintain currency in CSOC and Uniti product and service offerings, as well as support objectives and requirements thereof.
  • Provide on-call presence to ensure continuity of operations outside of normal business hours.
  • Address technical issues, event analysis, and deep investigations escalated from junior Analysts and Engineers, synthesizing internal and external resources as needed to reach resolution.
  • Collect, assess, and integrate new and developing security news and threat and vulnerability data from sources across the professional sphere, using this intelligence to continually develop and refine CSOC’s technology, process, and policy for the good of our customers.
  • Proactively analyze and creatively model existing event data to detect new threats or compromises, to develop new or improved baselines and detection heuristics, and to establish and refine baselines and behavioral forecasts to support continual improvement of existing detection, mitigation, and response patterns.
  • Work closely with the Senior Engineer and CSOC Leadership to suggest and implement technical changes, process improvements, and content/asset enhancements based on research and experimental findings.
  • Coordinate with Engineers and vendor entities, as appropriate, to identify, isolate, and remediate workflow-impacting and/or service-impacting issues as they arise and, where appropriate, participate in the preparation of work procedures to remedy them.
  • Collect and analyze operational data and develop procedural documentation in response to business needs or to address emergent technical or security issues.
  • Rigorously and accurately document all work carried out in response to customer issues to assure consistency, transparency, validity, and auditability of all troubleshooting efforts undertaken.

Benefits

  • Medical, Dental, Vision Insurance Plans
  • 401K Plan
  • Health & Flexible Savings Account
  • Life and AD&D, Spousal Life, Child Life Insurance Plans
  • Educational Assistance Plan