SOC III Security Analyst

Transformation Lead

Atlanta, GA


Job Details

Contract

Full Job Description

The SOC III Security Analyst has a passion for information security and is responsible for escalated analysis of information security events from various security platforms.  The analyst will be the primary resource responsible for the configuration, health and maintenance of various security monitoring solutions. The analyst will need a working knowledge of multiple network and host-based security solutions, such as intrusion detection systems, vulnerability assessment tools, and analysis of security log events. 

RESPONSIBILITIES

  • Configures, monitors, and alerts on security events from multiple security platforms.  Technologies include intrusion detection and prevention, web proxies, firewalls, security information and event management (SIEM) systems, antivirus, third-party security service providers, and other network analysis tools.
  • Evaluates, recommends, and implements enhancements to security controls in networks, applications, and technology hosts (servers, endpoints, and other equipment) to ensure effectiveness and compliance with Bank standards.
  • Monitors emerging security industry trends, attack techniques, mitigation techniques, and security technologies by attending conferences, networking with peers, and pursuing other educational opportunities.  Recommends and implements security improvements based on that research.
  • Works with team members on security projects, including implementation of new or upgraded technologies, engaging third parties for security services, deploying new reporting and monitoring tools, and strengthening and formalizing security processes both within the security team and with other supporting resources.
  • Serves as the primary resource for the security operations function: reviews security alerts and ensures security tools are kept updated so that they notify the security team of events requiring investigation.
  • Evaluates new vulnerability notifications to identify potential risks to the corporate environment, and provides vulnerability remediation guidance to the technology subject matter experts.
  • Ensures that the network infrastructure and application development efforts meet security standards and industry best practices.
  • Monitors the health of security devices and notifies Infrastructure leaders of malfunctioning equipment and software as necessary.
  • Applies critical thinking and analytical skills to incident response research, analysis, communication, and the management of forensic investigations.  Conducts incident investigations both during and after business hours, as needed.
  • Contributes to the maintenance, testing, and improvement of the Bank's security incident response plan.  Reviews security incidents to identify strengths and areas for improvement in the process.
  • Partners closely with Enterprise Architects, Project Managers, Infrastructure leaders, and Application Development teams to ensure a consistent approach to security solutions in each area of responsibility.
  • Provides management with security metrics for reporting at various levels of the Bank.

This description provides general information necessary to depict the essential and non-essential functions of the job and shall not be construed as a detailed description of all the required work that may be inherent in the job.

REQUIREMENTS

  • Bachelor’s degree in computer science, information systems, or information security, with five years of information security/information technology experience (including at least two years of information security experience), or an equivalent combination of education and experience.  A security certification such as CEH or GSEC is desired.
  • Technical understanding of security products such as firewalls, IDS/IPS, file integrity monitoring (FIM) systems, data loss prevention, security event monitoring, and endpoint protection.
  • Experience writing custom intrusion detection signatures and SIEM log parsers.
  • Comprehensive core infrastructure and layered security experience, e.g., Windows, UNIX, Cisco IOS, TCP/IP, DNS, SMTP, SFTP, Active Directory, web security architecture, the OSI stack, wireless networking technology, and remote access.
  • Experience with threat intelligence collaboration and the sharing of indicators of compromise.
  • Scripting and software development skills are desired.
  • Foundational knowledge of popular enterprise database technologies and their command usage.
  • Experience identifying the behavior of modern exploits and malware, including packet analysis of suspected activity.
  • Experience participating in red team or blue team threat hunting exercises is highly desired.
  • Strong interpersonal, multi-tasking, and analytical skills, with attention to detail.