Sr. Cyber Security Analyst
Date Active: Mar 23, 2021 12:00:00 AM
Hours Per Week: 40
Location: 436 Slater Road-HF308
Job Description / Requirements
The Senior Cybersecurity Analyst is a hands-on, technical and strategic role within Webster's Security Operations Center (SOC). As an integral member of Webster's Security Operations Center (SOC) team, the Senior Cybersecurity Analyst evaluates the end-to-end efficacy of the SOC's handling of security alerts and makes recommendations to improve the detection and response capabilities of the SOC. The recommendations come in the form of roadmaps or specific enhancements to technologies or workflow processes. The Senior Cyber Security Analyst will function as a content developer for alerts, coordinate threat hunting initiatives, approve requests for rule tuning, and review/approve requests for ticket closure. Additionally, this role will require suggestions for process improvements and control gaps applicable to the SOC. The Senior Analyst will work closely with Architecture and Engineering to ensure security controls are deployed in a manner that closes identified gaps.
This role is the senior (L2/L3) subject matter expert (SME) for SOC investigations, in collaboration with our Managed Detection and Response (MDR) provider. As such, this candidate should be fluent in threat hunting, as well as Security Information and Event Management (SIEM) technologies, alert correlation, Security Orchestration and Automated Response (SOAR), malware analysis, event triage, and Endpoint Detection and Response (EDR) systems. This position will report to Webster's Vice President of Information Security Operations and will require extensive collaboration with other Security Architects, the Cybersecurity Incident Response Coordinator, and other IT platform owners.
MAJOR DUTIES & RESPONSIBILITIES
The Senior SOC Cybersecurity Analyst will be responsible for evaluating the effectiveness and improving the following technology domains in place at Webster:
o Security Information and Event Management (SIEM) -- Splunk experience is highly preferred.
o Security Orchestration and Automated Response (SOAR) tools -- Phantom experience is highly preferred.
o Data Protection Domain: includes DLP, URL Content filtering, CASB.
o Endpoint Threat Detection: includes EDR capabilities, traditional antivirus, asset management, and familiarity with baseline and configuration management tools.
o Next Generation Firewalls and/or IDS/IPS.
o Threat Hunting & Threat Intelligence.
o Threat Intelligence Platforms (TIP).
o Malware sandbox technologies & interpreting results.
o Incident Response tools, process, and capabilities.
o Splunk Enterprise Security experience desired.
* The Senior Cybersecurity Specialist will also be responsible for producing security roadmaps that take into consideration the threat landscape and business needs.
* Perform other duties as assigned.
EDUCATION, EXPERIENCE & SKILLS
* Bachelor's Degree required
* 5-7 years (preferred) of experience working within the cybersecurity field, with:
o Proven technical proficiency across multiple technologies & controls identified above.
o Proven proficiency with the identification, triage, and analysis of security events using a SIEM.
* Ability to work in a highly matrixed organization to identify stakeholders and Subject Matter Experts (SMEs).
* Experience assessing new security technology solutions.
* Prior experience managing vendor relationships.
* Strong attention to detail.
* Ability to develop security roadmaps and document workflow processes to identify areas needing improvement.
* Splunk experience is highly preferred.
* Experience with malware analysis or at least the ability to interpret the results of a sandbox solution.
* Familiarity with threat intelligence and using external data sources for threat hunting.
* Experience with SIEM correlation searches, tuning, and rule creation.
* Proven technical expertise, evidenced by vendor or security certifications -- preferably (ISC)2 CISSP and ISSAP, or ISACA CISM, or SANS GIAC certifications.
* Strong desire to constantly improve personal skill sets, attend training, learn new concepts, and be curious and enthusiastic.
* Ability to think outside the box, be creative, and act independently.
* Providing feedback and recommendations for process improvement is required for this role.
* Passion & drive for security is a must.