Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: InfoSec Jobs - SANS Internet Storm Center InfoSec Jobs

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Senior Information Security Analyst
Company Holman
Location Remote
Preferred GIAC Certifications GSEC, GCDA, GDAT, GCWN, GCIH
Travel 0%
Salary TBD
URL https://careers.holmanenterprises.com/us/en/job/R0038148/Senior-Security-Analyst-Security-Operations
Contact Name Brian
Contact Email Brian.Carroll/at/holman.com
Expires 2022-07-29

Job Description

- Perform vulnerability assessments and reviews; facilitating remediation planning, exposure tracking, communicating risk, and reporting on mitigation status
- Lead the development of security control assessments for common platforms and the implementation of findings from said assessments
- Facilitate Incident Response activities as a Subject Matter Expert through the Incident Response life-cycle
- Participate in the administration of security implementations (EPP/EDR, IPS/IDS, SIEM, etc.)
- Support the ongoing administration, design and use of the Security Information & Event Monitoring platform, ensuring audit trails, system logs and other monitoring data is reviewed and actionable.
- Support the ongoing administration, design and user of network segmentation tools and underlying concepts.
- Provides security architecture knowledge and design concepts to Information Technology and Development teams.
- Apply or recommend adaptive security measures based on investigative findings and threat monitoring
- Participate in and coordinates application security reviews, working with third party assessors and application owners to identify and remediate findings
- Performs second level investigation into user reported threats such as phishing, machine compromise, advanced threats, etc.
- Advise management on best practices, current trends, and pertinent changes in internal/external threats and opportunities for improvement. Presents action plans for implementation and approval
- Perform threat hunting based on Tactics, Techniques and Procedures (TTPs) and threat reporting from information sharing organizations (US-CERT, FS-ISAC, etc.)
- Provide technical expertise to support vendor and project reviews.
- Performs all other duties and special projects as assigned.

Preferred Technology Experience:

- Experience with network segmentation tools like Illumio, Guardicore, Zscaler ZWS, Cisco Tetration/ACI
- Significant Experience with SIEM technologies: Elasticsearch, Winlogbeat, Logstash, LogRhythm, Sigma
- Behavioral Endpoint Protection solutions: Cylance, SentinelOne, Crowdstrike
- Vulnerability Assessment services: Nexpose/InsightVM, Nessus, Qualys
- Network Detection Tools: Bro (Zeke), Suricata, Security Onion, etc.
- Firewall Technologies: Cisco ASA, Cisco Firepower, Palo Alto
- Familiar with any of Bash, Python, PowerShell