Cyber Security Defense Analyst
Location: Pasadena, CA
Seeking a Cyber Security Defense Analyst for its new organization. The Cyber Security Defense Analyst will be responsible for providing key threat intelligence, detection and response services for the new CSS platform and cloud-based virtual datacenter. The selected individual will have the opportunity to contribute to building a CSOC from the ground up. The ideal candidate will be a cyber security specialist with a very strong background in threat intelligence and analysis, security monitoring and incident response for a cloud-based services environment. A well-qualified candidate will be comfortable working with management to educate on cyber threats and handle sensitive matters.
The position provides an opportunity to participate in an energetic and fast-paced environment using the latest technology and tools to build and secure an advanced financial services processing platform. This position will report to the CSS Cyber Security Operations Center Manager.
- Perform threat and vulnerability assessment and provide subject matter expertise on appropriate threat mitigation.
- Identify intrusion activity by leveraging alert data from multiple sensors and systems and determine priority for response.
- Leverage threat intelligence (e.g. FS-ISAC, NCFTA) while actively monitoring critical financial services infrastructure.
- Assess the impact of potentially malicious traffic on company network and infrastructure.
- Perform in-depth analysis in support of network monitoring and incident response operations.
- Perform live incident response (reactive and proactive incident management) by identifying and remediating malicious applications and infrastructure components.
- Collaborate with other Information Security and IT team members to develop and implement innovative strategies for monitoring and preventing attacks.
- Develop appropriate metrics (key risk and performance indicators) to measure the monitoring program and related process.
- Develop and monitor basic IDS/IPS rules to identify and/or prevent malicious activity.
- Develop and test new correlation content and use cases using SIEM filters, rules, data monitors, active lists, and session lists.
- Conduct research of emerging security threats.
- Propose additional components and techniques that could be used to proactively detect and prevent malicious activity.
- Provide other services as a key member of the Cyber Security Operations Team:
  - Security review and administration of changes to networks, servers and endpoint devices in collaboration with network operations.
  - Security sensor policies for IDS/IPS, firewalls, web security gateway, and logging.
  - Continuous control monitoring, including baseline security configuration monitoring.
  - Investigations and forensics.
Qualifications - External
- Bachelor's degree or equivalent required.
- 3+ years of related experience.
SPECIALIZED KNOWLEDGE & SKILLS
- Must have experience in a SOC/NOC environment.
- Solid understanding of security threats to cloud-based critical infrastructure systems.
- Deep experience with cyber security in the domains of cyber threat intelligence and analysis, security monitoring and incident response for a cloud-based services environment.
- Familiarity with latest security vulnerabilities, advisories, incidents, penetration techniques, understanding of attacks, and determination of countermeasures.
- Detailed knowledge of network and system vulnerabilities, malware, networking protocols, multi-tiered applications and the attack methods used to exploit vulnerabilities.
- Experience in a technical security role, including network security, operating system security, Internet or web security, Data Loss Prevention (DLP), anti-malware, IDS/IPS, and penetration and vulnerability testing.
- Strong knowledge of networking fundamentals such as TCP/IP and basic packet analysis.
- Working knowledge of network engineering and local and wide area network (LAN/WAN) technologies and topologies.
- Must have experience with security and monitoring tools (e.g. log management such as Splunk, firewall management such as Fortinet, IDS/IPS, SIEM).
- Knowledge and experience with Windows and Linux operating systems, including baseline security configurations, audit, forensics and patch management for these OSs.
- Experience developing Standard Operating Procedures (SOPs), job aids, and hands-on training materials.
- Able to work in a fast-paced environment with occasional on-call activities.
- Excellent interpersonal, presentation, and verbal and written communication skills.
- Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives.
- Ability to manage multiple priorities: projects, deliverables, and stakeholders.
- Ability to influence peers and management; ability to work cross-functionally and form relationships to achieve objectives.
- Active in the security industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technologies.
- Industry certification desired, e.g. CISSP or CISM.