Execute on the strategy of the data security analytics program.
Analyze sensitive authentication activities and privilege combinations that could lead to abuse; monitor privileged access activity for possible abuse; monitor suspicious and/or inappropriate web activity; assess data leakage vulnerabilities; and establish baseline usage information and trends.
Create and review reports on event anomalies.
Investigate and respond to security events.
Perform hunting in available data sources to identify patterns of misuse, and recommend areas for coverage and data feed improvements.
Evaluate the quality of provided data sources and recommend improvements to the sensing capabilities and coverage.
Perform triage activities on potential threats discovered during historical analysis.
Appropriately apply proprietary and public threat intelligence to enhance the analytic model(s) and security of the enterprise.
Perform root cause analysis on security incidents and provide recommendations for containment and remediation.
Assist in delivering timely and accurate reporting to executives.
Qualifications
Bachelor’s or Master’s Degree in Computer Science, Information Technology, Engineering or a related field.
2+ years working within the information security field, with emphasis on security event analysis and cyber forensic investigations.
2+ years of experience with scripting/programming language development and best practices.
2+ years of Incident Management experience.
Expert knowledge of TCP/IP, common protocols and standards.
Experience with firewall systems.
Experience with IPS/IDS systems.
Experience with security scanning tools, such as Nessus or others.
Experience with Web Vulnerability
Experience with scripting/programming language development and best practices.
Knowledge of Incident Management processes.
Experience with SIEM technologies such as HP ArcSight and/or Splunk.
Understanding of cyber-attack patterns and vectors, as well as compensating controls and mechanisms.
Experience working with information security practices, networks, software, and hardware.
Ability to convey a strong presence and professional image, and to deal confidently with complex technical problems.
Professional certifications, including CompTIA Security+ and CEH.