Location
Madison, WI | United States
Job description
Cybersecurity Analyst - SOC Threat/Incident Response
Beacon Technologies is seeking a Cybersecurity Analyst for our client partner. This role will plan and carry out security measures to protect our client's computer networks and systems and prevent cyber-attacks through monitoring and alerting. The analyst will protect and improve existing security defenses, perform technology risk assessments, and ensure compliance with regulations, policies and procedures. This role will manage the security evaluation and mitigation of vulnerabilities on desktop endpoints, identifying trends and threats to our client's infrastructure, analyzing and validating event data collected by security tools, responding to security alerts, using the security tools identified below, and coordinating the incident detection and response activities related to identified security events. Contractor activities will include performing detection and alerting security services consistent with the expectations of Cyber Fusion Center (CFC) personnel as outlined in the CFC process and procedure documentation. This role will facilitate support services for end-users and assist in the troubleshooting and remediation process related to identified security incidents, including tracking events in the ticket management system. When appropriate, the Contractor may make recommendations to CFC leadership to increase the overall security posture of the organization.
Business processes (including current software tools used) in scope include: Microsoft Sentinel SIEM; Microsoft E5 Enterprise Cybersecurity Suite, including the Defender Endpoint Detection and Response solution; Palo Alto XDR Endpoint Detection and Response solution; Palo Alto XSOAR; Zscaler; network vulnerability scanning; intrusion detection; intrusion prevention; firewall monitoring (including NGFW); log management; cyber threat intelligence feeds and databases; ServiceNow Security Incident Response (SIR) and Incident Management (INC) modules with automated ticket management; Proofpoint and Microsoft O365 email security monitoring; and threat hunting.
Primary Accountabilities:
- Perform proactive analysis and correlation of a variety of real time and captured Host/network/hardware logs & alerts with a focus on anomalous security event detection.
- When suspected security events are identified:
  - Conduct second- and third-level support, analysis, and resolution of identified/reported security events.
  - Conduct detailed analysis of suspected events to determine if there are indicators of information exposure or compromise.
  - Initiate the incident response process when a security event meets the incident response guidelines, including:
    - Notifying SOC leadership team and their designated stakeholders of the suspected incident.
    - Initiating the containment protocols as outlined in the Incident Response Plan.
  - Complete appropriate documentation of the event, including updating the ticketing system and communicating identified security event details in real time, as appropriate. Assist end-users by remotely responding to security-related patching/upgrade system misconfigurations using remote access connection capabilities.
- Perform system log analysis on the correlated security event logging platform to identify indicators of attack/compromise, including:
  - Host-based system logs.
  - Network traffic logs.
  - Firewall logs.
  - Intrusion detection system logs.
- Monitor and respond to end-user reported security events including phishing email reporting and anomalous security event detection.
- Respond to and facilitate security service requests in a timely and detail-oriented fashion. The position will require you to be periodically on call for after-hours incidents.
Minimum Requirements:
- 2+ years of SOC threat detection, incident response experience.
- 1+ years of senior SOC team lead experience.
- Industry certifications: SANS GCIH, GCFA, GCTI, GCFE, GNFA; GIAC GCIH; ECIH; CSIRT; CCSP; CISSP; MS AZ-500, AZ-104, CS-900, CompTIA Security Plus, Certified Ethical Hacker.
Technical experience in at least three of the following areas:
- Windows operating system security control configuration; disk and memory forensics. Apple iOS and Android device provisioning and security configuration.
- MS Sentinel or Splunk SIEM/SOAR security monitoring, network traffic analysis, and log analysis.
- Unix or Linux security control configuration; disk and memory forensics.
- Static and dynamic malware analysis.
- Applied knowledge of at least one scripting or development language (such as Python or Java).
- Thorough understanding of enterprise security architecture and of security controls in Active Directory/MS Windows environments.
- Thorough understanding of commercial cloud services (AWS, MS Azure, GCP).
Knowledge Skills and Abilities:
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of cybersecurity principles.
- Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of specific operational impacts of cybersecurity lapses.
- Knowledge of basic system administration, network, and operating system hardening techniques.
- Knowledge of cloud service models and security controls.
- Knowledge of cyber defense policies, procedures, and regulations.
- Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation-state sponsored], and third generation [nation-state sponsored]).
- Knowledge of disaster recovery and continuity of operations plans.
- Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Knowledge of how network services and protocols interact to provide network communications.
- Knowledge of incident categories, incident responses, and timelines for responses.
- Knowledge of incident response and handling methodologies.
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies.
- Knowledge of malware analysis concepts and methodologies.
- Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
- Skill in performing damage assessments.
- Skill in preserving evidence integrity according to standard operating procedures or national standards.
- Skill in protecting a network against malware.
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
- Skill in securing network communications.
- Skill in using security event correlation tools.
- Skill of identifying, capturing, containing, and reporting malware.
- Knowledge of an organization's information classification program and procedures for information compromise.
- Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.
- Knowledge of host/network access control mechanisms (e.g., access control list).
- Knowledge of network traffic analysis methods.
- Knowledge of packet-level analysis.
- Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network.
About Beacon Technologies:
Are you looking to advance your career in information technology? Beacon Technologies offers career advancement opportunities, extensive training, and excellent benefits, including paying health and dental premiums for salaried employees. In addition to providing interesting opportunities, Beacon Technologies provides that old-fashioned, personal touch, so you feel like a part of the Beacon team.
Beacon Technologies, Inc. is an equal employment opportunity employer with a functioning Affirmative Action Plan. It is the policy of Beacon Technologies, Inc. to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, sex, sexual orientation, gender identity or expression, age, disability, marital status, citizenship, national origin, genetic information, ethnicity, ancestry, disability, medical condition, military and veteran status, or any other characteristic protected by law. Beacon Technologies, Inc. prohibits any such discrimination or harassment.