A senior (10+ years) Cyber security analyst/Engineer with extensive experience working with MSFT Sentinel SIEM, MITRE ATT&CK framework, leading SOC teams during cyber monitoring, hunting, and incident response investigations is required.
TAMPA, ORLANDO AND JACKSONVILLE ARE NOT COMMUTABLE TO DERFIELS BEACH AND WOULD REQUIRE RELOCATION **Candidates must have Long Projects/Good Tenure, Excellent communication skills and a State issued ID (Not Bills) showing they are Local.
Managers Notes
This is lead position
Cybersecurity LEAD Analyst – I would even say maybe an engineer
Experience with Logs – search the log needed and figure out if the log is being correlated directly
Alerts – Creating Alerts
I asked him to give me 5 key skill words that they need to have
Correlation searches – A must have
Mitre Attack framework – A must have
Experience with Dashboards and incident response vulnerability management – A must have
Live dashboards would be a big +
Automation would be a big plus
He also spoke about Red team and purple team
Some Of The Tools They Use
Sentinel One
Defender
Halcyon
Tanium
Job Description
The Lead Senior Cyber-Security Analyst is a key member of the Information Security department and reports directly to the Manager, Security Operations Team with the primary responsibility to oversee the activities of Cyber Security Analysts within the Security Operations Team with regards to: Security Monitoring, Investigations and response, and threat intelligence.
Responsibilities Include But Not Limited To
Manage and conduct hands-on technical detection, analysis, containment, eradication, and response in support of day to day operations
Establish trust and business relationships with customer and other relevant stakeholders
Perform analysis and quality assurance for analyst product and work.
Technical lead for Security Incidents
Accountable for all Security Incidents tracked and Investigated by the Security Operations team.
Analyze attacker tactics, techniques, and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems.
Provide guidance and mentorship to improve analyst skill sets and ensure delivery of high quality analysis and work products
Capture Cybersecurity metrics in direct-support to executive-level briefings (daily, weekly, monthly)
Contribute to and lead improvements to the Security Operations monitoring, hunting, and incident management processes.
On critical security incidents, acts as incident manager and primary point of contact.
Lead Post-Incident Reviews.
Perform other related duties as assigned.
Creation and upkeep of attack vector specific playbooks for security incidents.
Accountable to lead all security incidents to timely and proper closure.
Responsible to be the Incident commander that drives the activities all individual involved in the incident.
Each incident will also be assigned a SecOps Analyst who will have responsibilities for a majority of the activities.
This role will also be responsible for driving individuals from other companies and areas, including vendors, JM TechOps, and the JM Business.
Timely reporting/updates on all relevant threats and incidents to management.
Able to oversee multiple investigations/incidents concurrently providing proper direction to each work stream.
Take’s appropriate “Preparation” steps – creating knowledge, artifacts, and tools to be used during an actual incident.
Desired Skills
Demonstrated experience working with MSFT Sentinel SIEM.
Possess a deep understanding of threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), file integrity monitoring (FIM), DLP and other network and system monitoring tools.
Needs to develop deep understanding of JM Family systems and how they might be attacked.
Deep understanding of popular attack vectors and how they might be used to infiltrate our systems.
Must understand proper handling of forensics.
Ability to explain complex security issues to analysts, engineers, managers, and executives
Highly independent and self-directed individual capable of working with minimal supervision.
In-depth experience of network devices such as switches and routers
In-depth experience of Microsoft Windows systems including active directory
In-depth experience performing forensics, malware reverse engineering, and penetration testing
Qualifications/Requirements
Bachelor’s Degree in IT related field or higher OR 10 years experience in an information technology field with a minimum of 3 years of cyber security response experience on a SOC/CIRT Team.
Experience leading SOC teams during cyber monitoring, hunting, and incident response investigations is required.
Familiarity with Cloud concepts and experience performing monitoring and responding to threats in Cloud environments.
General knowledge and understanding of information security and privacy-related regulations.
Ability to effectively multi-task, prioritize and execute tasks in a high-pressure environment
Experience driving measurable improvement in monitoring and response capabilities at scale.
Critical thinking skills and the ability to solve problems as they arise
Experience performing forensics, malware reverse engineering, and penetration testing
In-depth understanding of security issues across many different platforms and capability to articulate and communicate these issues to both technical and non-technical audiences
Strong written and verbal communication skills required.
Possess Any Of The Following Are Preferred
Certified Information Systems Security Professional (CISSP)
GIAC Certifications 500 Level and Above
Seniority level
Associate
Employment type
Contract
Job function
Information Technology
Industries
Software Development, Computer Networking Products, and Computer and Network Security
Referrals increase your chances of interviewing at TekIntegral by 2x