Title: - Cybersecurity Analyst (SOC IT - Level 2)
Location: - Houston TX (Hybrid)
Duration: - 12 Months Contract to Hire - (Possible extension)
Description:
TOP SKILLS:
- Firewalls - such as Palo Alto, Cisco, Fortinet
- Intrusion Detection & Prevention (IDP) - Nozomi, Palo Alto
- Security Information & Event Management (SIEM) such as Splunk
- Endpoint Detection & Response (EDR) such as Defender or CrowdStrike
- Network Analysis tools such as Wireshark, tcpdump
- Strong familiarity with Azure and Active Directory
- Nice to have - Scripting (PowerShell), Forescout, WhatsUp Gold, FreshService
REQUIREMENTS
1. Experience working in Information Security, Cybersecurity or a related field in a medium to large sized company (5 years)
2. Experience working in a Security Operations Center conducting threat analysis and/or threat intelligence collection techniques (5 years)
3. Bachelor's Degree in Information Technology, Computer Science or equivalent military experience (needed for conversion purposes)
TECHNICAL SKILLSET:
1. Splunk: Splunk is a SIEM tool (SIEM - Security Information & Event Management)
2. Incident Response: need to have worked as an Incident Responder in previous engagements.
3. EDR and IDP tools (Endpoint Detection & Response, Intrusion Detection & Prevention): see JD, but these tools include Tanium, Trellix, TippingPoint and Palo Alto
JOB DESCRIPTION
SUMMARY:
The Cybersecurity Analyst is part of a broader cybersecurity team that ensures all system design, implementation and standards protect Sempra's network from cyber-attacks. The Analyst of Security Operations Center (SOC) supports the monitoring of networks, computers and applications in enterprise systems. This role helps triage, escalate and support incident response operations to contain and eradicate malicious activity in information systems and networks. This role will also work with outside third parties to provide SOC and Incident Response services when needed.
RESPONSIBILITIES:
Technical Analysis & Delivery
- Coordinates the Security Operations Center (SOC)
- Reviews alerts and data from sensors and documents formal technical incident reports
- Provides analysis of network and host-based security events and trends in security log data from many heterogeneous security devices
- Provides users with incident response support, including mitigating actions to contain activity and facilitating forensic analysis when necessary
- Participates in the development of derivations of risk by contributing likelihood and/or impact knowledge for cybersecurity events that may affect the Company's systems
- Conducts competitive analyses on (in-use and alternative) cyber technologies and documents recommendations for our environment.
Communication & Stakeholder Management
- Coordinates with other security teams on incidents
- Works across cross-functional teams to drive requirements gathering to improve SOC
- Communicates technical information in a clear and concise manner to technical and non-technical audiences
- Creates detailed written accounts of processes and steps throughout an event or investigation and delivers formal reports
Functional Area Leadership
- Provides support across security tools and monitoring devices
- Researches external sources and peer information on threats and vulnerabilities and their solutions
Troubleshooting
- Investigates impacted hosts, endpoints and users and takes the appropriate actions to mitigate and contain the impact of the threat or incident
- Leverages fundamental knowledge of IT system functionality, architecture and capabilities to effectively diagnose and troubleshoot issues with some assistance
- Contacts and coordinates vendor, carrier and remote support when necessary to resolve high-impact security issues
Knowledge, Skills and Abilities:
- Solid understanding of operating systems, programming, networking, malware defenses, perimeter controls, security assessment, web applications, intrusion analysis, malware analysis and incident response
- Demonstrated ability to coordinate and respond to security incidents using commercial and/or open-source technologies
- Solid understanding of the Incident Response methodology in investigations, and of the groups behind targeted attacks and their tactics, techniques and procedures (TTPs)
- Familiarity with the application of vulnerability frameworks such as Metasploit, the Common Vulnerabilities and Exposures (CVE) rating system and the cyber kill chain framework
- Hands-on experience with security technologies, for example:
- Intrusion Detection & Prevention (IDP) such as TippingPoint or Palo Alto
- Security Information & Event Management (SIEM) such as Splunk
- Endpoint Detection & Response (EDR) such as Tanium and Trellix
- Network Analysis tools such as Wireshark, tcpdump
- Vulnerability Scanning Tools such as Qualys, Rapid7 Nexpose and Tenable
- Ability to develop and execute a quality security review based on policies, best practices and/or regulatory standards; ability to conduct and write vulnerability assessments
- Ability to establish and maintain an outstanding level of trust and confidence with cross-functional stakeholders