In this role, you will be part of a team that is responsible for analysis of cyber threats that could impact company resources. The Event Analyst will primarily work within established operating procedures to detect and respond to cyber incidents from external threats as an integral part of a Security Operations Center (SOC). The Event Analyst will work within a team environment with leadership providing day-to-day direction. The Event Analyst must be a self-starter with the ability to research and solve problems independently, but must also be able to collaborate in a dynamic team environment.

Essential Functions/Responsibilities:
- Conducts security monitoring, the first level of triage and analysis, handles incoming notifications from NetApp personnel, and conducts the first notifications
- Identify compromised computers using logs, live response, and related computer-centric evidence sources
- Gather initial artifacts (malware samples, files, memory dumps, etc.) from infected workstations
- Send unique artifacts to Incident Analysts for further analysis
- Accurate and timely routing of verified compromises to the appropriate IT operations teams for further analysis and remediation
- Appropriate escalation of incidents as defined in the established operating procedures
- Continually research the current threat landscape and tactics as they apply to the team's focus
- Advise management on the effectiveness of established operating procedures and recommend modifications where appropriate
- Foundational understanding of network communications (TCP/IP networks, HTTP basics)
- Foundational understanding of IT security principles
- Ability to work with a globally distributed team and rely heavily on electronic communication
- Strong oral and written communication skills
- The ability to travel as needed to support the corporate objectives
- Must be willing to work some late hours India time, to align with the US workforce
Job Requirements

Required Skills:
- Previous operational experience in a CSIRT, CIRT, SOC, or CERT
- Foundational understanding of tactics used by APT, cyber crime and other associated threat groups
- Expert understanding of network communications (TCP/IP fundamentals, HTTP basics)
- Expert understanding of multiple operating systems such as Linux, Solaris, BSD, or Windows
- Expert understanding of intrusion detection systems (e.g. Snort, Suricata) and tools (e.g. tcpdump, Wireshark)
- Practical experience with security incident response
- Security Incident Management: analysis, detection and handling of security events
- Comprehension of how attacks exploit operating systems and protocols
- Must understand how to analyze network traffic for suspicious and malicious activity
- Hands-on experience with other security technologies:
  - Next-Gen Intrusion Detection Systems: FireEye, Damballa, or Palo Alto WildFire
  - Security Information & Event Management (SIEM): ArcSight, Splunk, QRadar, etc.
  - Packet capture technologies: NetWitness, Solera, Moloch, or at a minimum, Wireshark or tcpdump
- Scripting experience with one or more of the following: Perl, Bash, PowerShell, Python
- Ability to write technical documentation and present technical briefings to varying audiences
- Ability to work with a globally distributed team and rely heavily on electronic communication
- Ability to travel as needed to support the corporate objectives
Desired Skills:
- Foundational understanding of tactics used by APT, cyber crime and other associated threat groups
- Experience with IT network communications troubleshooting (netflow, Wireshark, traffic analysis)
- Experience with IT security technical controls (AV, Snort, firewall, syslog, SIEM, ArcSight, Splunk)
- Experience with host-centric malware detection, identification and response
- Previous operational experience in a CIRT, SOC, or CERT
- Experience with the Cyber Kill Chain framework

Education & Experience:
- 5+ years of information security experience is required; at least 3 years of experience in security monitoring, digital forensic analysis, or incident response is preferred
- A Bachelor of Arts or Sciences degree is required, or equivalent experience
- Demonstrated ability to have completed multiple, moderately complex technical tasks
© Copyright 2017 Future Focus Infotech Pvt Ltd.(FFIPL) All Rights Reserved