IT - Specialist Cybersecurity Operations
Careers Integrated Resources Inc
Newark, NJ (Onsite)
Contractor
contractor-to-hire
Job Description:
This role actively and continuously searches for malicious internal and external threats as a Tier-3 analyst and works with the other Cybersecurity Analysts to ensure 24/7/365 Cyber Security Operations Center (CSOC) support. This role will also function as the Incident Coordinator for complex cybersecurity incidents and as a subject matter expert on cybersecurity technologies and concepts.
Job Description Responsibilities:
The Senior Cybersecurity Operations Analyst will be responsible for advanced-level threat hunting and investigations, utilizing the Security Information and Event Management (SIEM) system and other cybersecurity tools such as User Behavior Analytics (UBA) tools, Endpoint Detection and Response (EDR) tools, network security tools, email security tools, cloud security tools, etc. This role will also perform research at the request of junior Analysts.
- Act as the incident coordinator by leading incident response actions for active cybersecurity incidents including third party incidents, provide updates to leadership, and follow through until incident is satisfactorily resolved.
- Provide technical and thought leadership within the CSOC by regularly teaching other SOC Analysts both traditional and unconventional ways to detect, analyze, and mitigate security incidents and other anomalies. Recommend and implement new CSOC practices and approaches (automation) to address program improvements.
- Conduct in-depth investigations on complex incidents efficiently to neutralize a threat.
- Design, implement, and optimize a proactive/predictive Insider Threat Program leveraging statistical analysis and machine learning (UEBA).
- Research and develop new statistical and behavioral detection capabilities for identifying Advanced Persistent Threats (APTs) in support of CSOC strategies.
- Review current tooling to identify gaps and incremental monitoring opportunities. Communicate needs to the engineering teams that support the CSOC. Assess new security technologies to determine potential value for the enterprise.
- Create and maintain standard operating procedures for key functions in CSOC including step-by-step guides to technologies used by analysts.
- Adhere to established Service Level Agreements (SLAs) and operational KPIs. Based on severity of the incident, this role may be called to work extended hours as needed.
Education/Experience:
- High School Diploma or GED required.
- Bachelor's degree in information security, computer science, or a related technical discipline preferred, or relevant experience in lieu of a degree.
- Requires a minimum of 8 years of cybersecurity-related work experience, including a minimum of 3 years of prior experience detecting and responding to cybersecurity incidents using Splunk or a similar SIEM platform.
- Experience in the health care and/or financial services industries is strongly preferred.
Additional Licensing, Certifications, Registrations:
- Management-level security certifications such as CISSP, CISM, or similar highly preferred.
- Certified in one or more of the following: SANS GIAC (GCIH, GCIA, GMON, GCED, GCDA, GPEN, etc.), CEH, or a similar cybersecurity certification.
- Splunk SIEM and/or Splunk SOAR certification highly preferred.
Knowledge, Skills, and Abilities:
- Requires an expert level understanding of IT security concepts with an emphasis on advanced detections, digital forensics, and incident response.
- Ability to perform malware analysis and reverse engineering, with a good understanding of Advanced Persistent Threats (APTs), cybercrime, botnets, and other adversary Tactics, Techniques, and Procedures (TTPs).
- Technical knowledge of enterprise-class network technologies such as firewalls, routers, switches, wireless access points, VPNs, and desktop and server operating systems (Windows and *nix). Demonstrated understanding of and familiarity with networking fundamentals, including subnetting, TCP/IP, and internet protocols such as SSL, DNS, HTTP, FTP, etc.
- Thorough understanding of Microsoft's enterprise technology platform, including Azure, Active Directory, SQL, Office 365, and the Windows server and desktop operating systems.
- Knowledge of four or more cybersecurity tools covering endpoints, email, network, database, web, data loss prevention (DLP), behavior analytics, cloud, access control, etc.
- Good understanding of AWS cloud security controls.
- Advanced knowledge of Splunk Enterprise Security and Splunk SOAR, with the ability to perform Splunk/SOAR detection engineering.
- Proficiency with Windows PowerShell or the Python scripting language.
- Strong verbal and written communication skills, including the ability to provide technical thought leadership on security incident investigation calls with other technology teams, and the ability to translate complex technical concepts into plain English for consumption by non-technical audiences.
- Requires excellent interpersonal skills and the ability to work effectively with others as a team.