Senior Security Analyst

Location: El Paso TX

Company Name: Bitdefender

Occupational Category: 15-1122.00, Information Security Analysts

Date Posted: 2020-02-10

Valid Through: 2020-03-11

Employment Type: FULL_TIME


Primary Responsibility: The Senior Security Analyst supervises the real-time monitoring and analysis of security events from multiple. Serves as the technical escalation point and mentor for junior analysts. Maintains a strong awareness of the current threat landscape and how it could apply to customer environments. Creates knowledge base articles for handling low-severity incidents. This position requires an analytical, detail-oriented individual able to quickly triage events (assess the priority, determine risk).

Uses the Cyber Kill Chain, indicators of activity and indicators of compromise, together with current intelligence information, to proactively review customers' environments, searching for anomalous behavior across network, host and log data. Creates, reviews, and updates queries to search for advanced threats.

Coordinates with intelligence analysts to correlate threat assessment data. Conducts research, analysis, and correlation across a wide variety of all-source data sets in order to hunt for malicious activity in customer environments.

Leads an Incident Response Team to investigate and remediate active threats while accurately documenting results using standard incident response techniques. Must be able to collect and analyze intrusion artifacts and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. Conducts analysis of log files, evidence, and other information in order to determine the best methods for identifying network intrusion. Confirms what is known about an intrusion and, where possible, discovers new information after the intrusion has been identified. Responds and communicates with customers throughout the process in calm, easily understandable language. Writes and publishes after-action reviews that will be used to enhance security postures.

Knowledge/Skills/Ability: Be able to demonstrate working knowledge and understanding of the following:
• Current incident response methodologies
• Current cyber investigative techniques
• Current cyber threat trends
• Concepts and best practices of acquiring and processing digital forensic data
• Knowledge of computer networking concepts and protocols, and network security methodologies
• Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security
• Cybersecurity principles
• Cyber threats and vulnerabilities
• Specific operational repercussions for lapses of cyber security best practices
• Cloud-based infrastructure (AWS, Azure, GCP)
• Administration of Windows and Unix/Linux operating systems
• Identify applications and operating systems of a network device based on network traffic
• Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files
• Hacking methodologies and conducting forensic analyses in Windows or Unix/Linux environments
• System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
• Networking protocols (e.g., TCP/IP), services (e.g., web, mail, Domain Name Server), and how they interact to provide network communications
• How to perform packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump)
• Security Information and Event Management tools: searching, aggregating, and correlating data
• Anti-forensics tactics, techniques, and procedures
• Skill in analyzing anomalous code as malicious or benign and identifying obfuscation techniques
• One or more of the following: Python, C++, Java, Bash, PowerShell
• Regex

Minimum Experience/Education: Bachelor's degree in Information Security, Information Technology, Mathematics, Computer Science, or equivalent experience. 4+ years' SOC experience, or log and information collection and analysis in production networks (may be substituted for training/certificates); must be able to obtain and maintain IT security certifications.