Sr Cyber Security Ops Analyst (1332573)

Contract: 1+ year

Pay rate : W2 hourly

Location: New Hyde Park, NY- Hybrid

Purpose

The Sr. Security Operations Analyst is responsible for security monitoring and incident response

for internal and external threats. The Sr. Security Operations Analyst performs advanced threat

analysis, collaborates with internal IT teams and MSSP for security monitoring response,

improves correlation and monitoring of security events, and leads security monitoring projects.

Key Responsibilities

Security Monitoring

• Conducts investigations and responds to internal and external security threats.
• Oversees, responds to, and remediates DLP (data loss prevention) and SIEM events from on premise and
  
  

cloud systems.

• Implements advanced security monitoring techniques to identify malicious behavior on SaaS, cloud
  
  

systems, network, servers, and endpoints.

• Manages, administrates, and improves security monitoring products for DLP, SIEM, EDR, AV, Cloud
  
  

Security products, IDS and other industry standard security technologies.

• Develops automation response scripts to remediate commodity threats.
• Performs threat hunting activities to identify compromised resources.
• Understands and performs threat analysis utilizing industry standard frameworks (kill chain and diamond
  
  

model).

• Performs threat research and intelligence gathering to improve detection and response capabilities.
• Proposes and helps review security plans and policies to improve the security environment.
• Maintains operational playbooks, process diagrams and documentation for security monitoring and
  
  

response.

• Reviews proposed Security deployments to ensure security monitoring requirements are met.
• Other duties may be assigned as needed to address new security threats facing the enterprise
  
  

environment.

• Provides off hour support as needed for security monitoring and response activities.
  
  

Incident Response

• Works closely with MSSP services, external forensic providers, and in house IT teams to respond to and
  
  

remediate security incidents both internal and external.

• Reviews compromised systems to identify root cause of security incidents and remediation actions that
• need to be taken.
• Researches new TTPs (tactics, techniques, and procedures) that threat actors are utilizing to undermine
  
  

enterprise IT environments.

• Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities,
  
  

and misuse activities, and distinguish these incidents and events from benign activities.

• Correlate incident data to identify specific vulnerabilities and make recommendations that enable swift
  
  

remediation.

• Plans, implements, and documents incident handling and response tasks and procedures.
  
  

Emerging Threats Monitoring

• Obtains information and stays up-to-date on the latest threats and security trends in a fast and efficient
  
  

way to keep the enterprise environment protected.

Service Desk and Incident Management

• Assists in the investigation and resolution of security issues
  
  

Essential Desirable

Knowledge, Experience & Qualifications

• Bachelor’s degree in Computer Science degree or related field or equivalent combination of industry related professional experience and education
• Working experience with Information Security, Network Security, and Security Monitoring and Incident Response
• Working experience with industry standard security technologies and services Firewalls, VPN, IDS, Endpoint Security, DLP, AV, Proxy, SIEM
• Strong experience with SIEM event/log analysis and GSEC, GCIA, GFE, GCFA, CISA, CISSP, CISM, or CIA certification(s)
• Network / System Administration experience / background