Senior Cyber Threat Analyst
Columbus, GA | Contract To Hire
- Proactive monitoring of, and response to, known and emerging threats against the client's network
- Recognize and investigate intrusion attempts and perform in-depth analysis of exploits.
- Differentiate false positives from true intrusion attempts
- Determine impact of potential intrusions on the company's network and infrastructure
- Conduct cyber intelligence analysis, coordination, and interaction across the company's networks and infrastructure components
- Conduct detailed security event analysis from network traffic attributes and host-based attributes (memory analysis, binary analysis, etc.) to identify information security incidents
- Provide expertise to support timely and effective decision making of when to declare an incident
- Provide incident response support when analysis confirms an actionable incident; this includes implementation of containment, protection, and remediation activities.
- Document all activities during an incident and provide leadership with status updates.
- Correlate threat data from various sources. Conduct research and evaluate threat intelligence to develop in-depth analysis and assessment on threats to critical networks and infrastructure components.
- Publish incidents, alerts, advisories, and bulletins as required
- Expand the usage of security monitoring tools to improve the security of the environment, including detection, prevention and policy enforcement; define security configuration for monitoring tools, including alerts, correlation rules and reporting
- Build and maintain common Indicators of Compromise to hunt throughout the environment for security events
- Lead cyber security incident investigations
- Stay abreast of latest vulnerabilities, exploits and other relevant threat-related information
- Conduct analysis and trending of security log data
- Coach and mentor Level 1 security analysts
- Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall Threat Management Center functions.
- Candidates should have experience working in SOC/NOC environment.
- Experience in one or more areas such as network operations or engineering (packet analysis), system administration on Unix, Linux, Mac, or Windows, security operations systems, Intrusion Detection Systems (IDS/IPS), and anti-virus log collection
- High competence and experience reviewing raw log files, data correlation and analysis (IDS/IPS, Firewalls, network flow, system logs, SIEM)
- Advanced knowledge of attack models, methods of attack, network protocols, file systems and file format specifications
- Strong working knowledge of malware in its varying forms, common delivery mechanisms, and common mitigation steps
- Ability to convey security concepts related to cybersecurity events to both technical and non-technical audiences
- Ability to react quickly, decisively, and deliberately in high stress situations
- Scripting skills (e.g., Perl, Python, shell scripting)
- Experience conducting incident response, computer forensics, and traffic capture and analysis
- Strong analytical skills and an ability to quickly learn and adapt to new technologies
- Four year college degree and 4 or more years related experience or 6 or more years professional experience in security operations, information technology operations, or network operations required.
- Industry recognized professional certification such as CISSP, GCIH, GCIA, CEH, Security+