Identifying misuse, malware, or unauthorized activity on monitored networks.
Analyzing all relevant cyber security event data and other data sources for attack indicators and potential security breaches.
Assisting in coordination during incidents.
Identifying intrusions utilizing various detection and prevention systems and other security event data sources on 24x7x365 basis.
Analyzing intrusion related data to determine root cause and identify follow on activity while coordinating with Incident Handlers, Hunters, and various partners.
Correlating data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs, to include netflow, metadata, and pcap analysis.
Contributing in tuning and filtering of events and information, creating custom views and content using all available tools.
Reviewing assembled data with firewall administrators, engineering, system administrators and other appropriate groups to determine the risk of a given event.
Contributing to the development of playbooks and procedures for handling each security event detected.
REQUIRED QUALIFICATIONS:
Excellent interpersonal, organizational, writing, communications, and briefing skills.
Strong analytical and problem-solving skills.
Bachelor’s Degree or equivalent and 2-4+ years of progressively responsible experience in Cyber Security, InfoSec, Security Engineering, Network Engineering with emphasis in cyber security issues and operations, computer incident response, systems architecture, data management.
Familiarity with the following classes of enterprise cyber defense technologies:
Security Information and Event Management (SIEM) systems.
Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS).
Host Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS).
Network and Host malware detection and prevention.
