Security-SIEM-Securonix - Security Analysis Specialist Advisor

Role Overview

The Threat Hunter, Advanced Security Analytics is a member of a team who proactively manages IT security on behalf of customers to reduce the impact of security incidents and system compromises. The successful candidate will provide security monitoring, level 2 and 3 event analysis, and countermeasure proposals. This position requires shift work in a 9/5 environment during US business hours and after-hours work may be required.

Role Responsibilities 

-Leads the Cyber Threat Hunt function with SOC Analysts, Incident Responders and Threat Managers.

- Conduct threat hunting and analysis using various toolsets based on intelligence gathered

- Actively hunt for Indicators of Compromise (IOC) and APT Tactics, Techniques, and Procedures (TTP) in the network and in the host as necessary.

- Search network flow, PCAP, logs, and sensors for evidence of cyber-attack patterns, and hunt for Advanced Persistent Threats (APT)

- Create detailed Incident Reports and contribute to lessons learned in collaboration with the appropriate team

- Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture

- Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs

- Provides guidance to contracted subordinates within the latitude of established policies.

- Recommends changes to policies and establishes procedures that affect immediate organization(s).

- Methodically examine all collected windows/linux host data for evidence of intrusion, malware, or unauthorized activity.

- Directly support the provide incident response support for critical security incidents as they arise

- Familiarity with offensive strategies and assessment methodology

- Work/Assist SIEM Admin team to create new use cases and provide them with all the required details.

Role Requirements 

• • Bachelor’s degree in related filed, to include computer science, or equivalent combination of education and experience
  • 6 years of SIEM, or SOC experience
  • Strong communication, written, and verbal skills
  • Experience with writing/creation of formal documentation such as reports, slide decks, and architecture diagrams
  • Customer service/support experience
  • Ability to conduct in-depth forensic analytical studies and investigations
  • 8-10 Yrs. of relevant experience.

Role Preferences

• • Splunk certification
  • Coding or scripting experience
  • Strong knowledge of  Unix/Linux
  • Security+, GIAC, SSGB, ITIL, or similar certification
  • Working knowledge of applicable industry controls such as NIST 800-536 or Mitre Attack Framework

Typical Years of Experience

• • Typically requires 10+ years relevant experience.

Physical Requirements / Working Conditions

• Ability to perform general office requirements.
  • Must be able to perform essential responsibilities with or without reasonable accommodations.