Our client is a leading independent, end-to-end IT services company.
The Tier II Information Security Analyst is responsible for executing day-to-day tasks in the Security Operations Center 24x7. These tasks include: answering the security support hotline, monitoring the security support mailbox, creating tickets for client requests, monitoring and responding to Instant Messaging applications, etc. This position will also act as level 3 support for managed encryption services.
The Tier II Information Security Analyst is responsible for the first line of security incident response in the client SIEM environment. The core responsibilities include the monitoring of client SIEM alerts in real-time, researching threat information, and escalating legitimate security incidents to the client. This position is also a technical escalation resource for the Tier I Information Security Analysts.
- Eyes on glass monitoring and resolution of security incidents within established customer Service Level Agreements.
- Perform daily operational 'eyes on glass' real-time monitoring and analysis of security events from multiple sources including but not limited to events from Security Information Monitoring tools, network and host-based intrusion detection systems, firewall logs, system logs (Unix & Windows), mainframes, midrange, applications and databases.
- Monitors and analyzes attempted efforts to compromise security protocols. Identifies and investigates activities and conducts and provides analyses regarding results. Escalates issues to higher level associates.
- Reviews computer logs and messages to identify and report possible violations of security. Coordinates, documents, and reports on internal investigations of security violations.
- Interacts with customers to understand their security needs; assists in the development and implementation of procedures to accommodate them.
- Writes security status reports to provide system status, report potential and actual security violations and provide procedural recommendations.
- 2 – 4 years of relevant experience or equivalent combination of education and work experience: undergraduate degree and 1-2 years of relevant experience.
- 1 – 2 years of Information Technology experience with network technologies, specifically TCP/IP, and related network tools.
- Understanding of source code, hex, binary, regular expression, etc.
- Experience assisting the development and maintenance of tools, procedures, and documentation.
- Strong deductive reasoning, critical thinking, problem solving, and prioritization skills.
- Experience with reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs).
- Network, Security, or Platform certification(s) (S+, N+, MCSP, CNA).
- Must be a Citizen or Green Card holder due to government or federal regulations
- Must be open to shift work