Senior Security Operations Analyst (New Bremen, OH, listed at Geebo)

Developer of enterprise operating system designed to support the development and management of decision platforms in virtually any business domain. The company's system delivers customers advanced detection and monitoring, adaptive response, and risk optimization capabilities against advanced attackers, enabling clients to quickly and easily integrate all of the disparate data sources across the enterprise into a unified analytics infrastructure to make better decisions.

Job Summary:
A Senior Security Operations Analyst is responsible to the Director of Security Operations for the successful support of the QOMPLX Corporate information security program, security operations center, customers, and communicating with internal teams to improve QOMPLX tools based on use and customer feedback. This person will possess a deep technical knowledge across the security and networking landscapes and will have prior experience interacting with DevOps/product management teams. Analysts will be responsible for maintaining communications with the SOC Lead, SOC Engineers, DevOps, and other departmental technical experts across the company in relation to cyber security events/response/support. The Senior Security Operations Analyst is responsible for working with team Security Analysts to help guide incident investigations by applying industry best practice, corporate governance and personal knowledge, ensuring that case management and daily monitoring activities are performed to meet service levels established. This candidate will have broad knowledge of the security analytics problem space and bring new understanding of toolsets and processes to advance the day-to-day operational team activities for both internal and external customer operational needs. This role is a Subject Matter Expert (SME) in this technical position with hands-on understanding and broad experience in security operational constructs such as DevSecOps, detection content development, systems security engineering, virtualized computing environments and cloud SaaS/IaaS/PaaS operating fundamentals. This role will assist in the development and application of new and unique threat detections to ensure SOC toolsets and threat intelligence gathering are instrumented appropriately. This role aids in process documentation creation and maintenance and works with DevOps/product management for improvements based on customer and internal analyst feedback. 
The role is also responsible for identifying and protecting the QOMPLX Corporation and its customers from new risks and threats by maintaining an advanced level of understanding of the technologies involved with security, network analysis as well as possessing an analytical mindset to support the dynamic operations of the SOC. As a Senior Security Operations Analyst, you will be responsible for monitoring, analyzing, and detecting Cyber events and incidents within operations supervision. Consult on integrated cyber security defense issues and leverage solutions to administer supporting services including intrusion prevention/detection, situational awareness, security events, data spillage, and incident response actions. Participate in testing, deploying, and administering the infrastructure hardware and software required to effectively manage the QOMPLX SOC, as well as our customer deployments. Our ideal candidate will have a strong work ethic, fantastic attitude and be comfortable tackling any challenge set before him or her. We provide significant flexibility and autonomy to team members, have high expectations and expect everyone to contribute meaningfully to our broader collective goals.
Responsibilities:
This is a subject matter expert (SME) technical role. The role is involved in projects or issues of high complexity that require in-depth knowledge across multiple technical operations areas and business segments.

  • Prevent, detect, and respond to cyber security and other operational needs
  • Contributes to the development and maintenance of the operations center to support business priorities
  • Develops and leads Security Operations Analysts to ensure security threat information, system log information, and sources of external intelligence are combined to provide real time response to cyber events
  • Defines, gathers and reports on metrics regarding all of the security operations center
  • Coordination with QOMPLX's internal departments to support business requirements related to daily operational needs, including but not limited to network design, firewall configuration, load balancing, remote access, strong authentication, vulnerability scanning, and VPN management
  • Automating and streamlining test network deployment operations and processes to maintain timely testing and security of QOMPLX OS
  • Working collaboratively across teams to ensure consistent, performant, appropriate and secure cyber controls
  • Participates as needed in all phases of cyber security program development with emphasis on the planning, analysis, testing, integration, documentation, and presentation phases
  • Applies principles, methods and knowledge of the functional area of capability to specific task order requirements, to exceptionally difficult and narrowly defined technical problems in engineering and other scientific applications, to arrive at automated solutions
  • Identifying and incorporating open source information security tools into QOMPLX Corporate
  • Troubleshooting and resolving issues in development, test and production environments
  • Supporting and assisting in deployments and client integrations as needed
Qualifications:
  • Reside in the greater Washington D.C. area or able to relocate
  • Bachelor's degree or 4 years of relevant work experience
  • Minimum of 4-7 years of experience in roles related to cyber security operations performing cyber security analysis, process and procedures
  • Willing to work shifts to support 7/24 operations, including weekend and on-call coverage
  • Thorough understanding and direct application of the MITRE ATT&CK framework
  • Direct involvement in data source normalization techniques and methods
  • Conversational knowledge of the SIGMA, HELK, ELK and YARA open source projects
  • Knowledge of SOAR, CASB, UEBA
  • 4-7 years of hands-on operational experience using SIEM, firewall, IDS/IPS, proxy, DLP, and/or virtualization tools in support of detection, response, mitigation, and/or reporting of cyber threats affecting systems and networks
  • 3 or more years working in a 7/24 security operations environment with hands-on event analysis
  • Experience in cyber security intrusion detection/analysis/response and creating new rules and filters in a variety of tools to support these actions
  • Understanding of cloud based services supporting production SaaS platforms including web applications and data analytic services
  • Knowledge of IT security principles, techniques and technologies
  • Knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures
  • Knowledge and understanding of computer evidence seizure, computer forensic analysis and data recovery, network forensics and system log analysis
  • Experience with current cyber threats and the associated tactics, techniques and procedures used to exploit computer networks
  • Knowledge of performing risk, business impact, control and vulnerability assessments
  • Broad knowledge of security best practices, security solutions, and methodologies for conducting advanced security assessments, to include manual assessments and malicious user testing
  • Proficient working with various infrastructure tools/technologies such as SCCM, GPO, Active Directory/Kerberos
  • Strong background in Microsoft Windows and Linux/Unix
  • Experience in developing and deploying critical security architecture solutions such as SIEM, firewalls, IDS/IPS, proxies, DLP, virtualization, and host security solutions
  • Experience with vulnerability scanners like Nessus, MVM, Qualys, etc.
  • Understanding of infrastructure security and its impact on security operations, vulnerabilities, reporting, analytics and monitoring
  • Knowledge of networking protocols and technologies, e.g. TCP/IP, firewalls, routers, etc.
  • Experience working in a cyber security operations (CSOC, SOC, CIRT, CSIRT) enterprise environment
  • Excellent communication skills, both written and verbal
  • Effective organizational skills with strong attention to detail
  • Collaborative in nature

Desirable:
  • Experience and interest in security considerations for large-scale distributed systems, API-driven services, and API vulnerability assessment
  • Experience in a 7/24 cyber security operations environment for 6 or more years with hands-on event analysis
  • Interest/experience in DevOps and deployment associated with containerization and container orchestration technologies such as Docker and Mesosphere
  • Ideas on how to do cyber security operations differently
  • Malware analysis experience using sandbox or static analysis
  • Experience with programming/scripting languages: Python, Go, JSON, PowerShell, Bash, etc.
  • Good understanding of frameworks such as ISO 17799/27001/27002, and other relevant compliance regimes such as PCI, HIPAA, SOX, NERC, FISMA, FFIEC, SOC 1/2/3, GLBA and others
  • IT security certifications like CISSP, CISM, CISA, CEH, GCIH, GCIA, OSCP, etc.

Compensation & Benefits:
  • Competitive salary up to $130,000 based on experience.
  • Full range of benefits including 401(k) and medical, dental & vision coverage.
  • Flexible Personal Time Off (PTO) plan and 10 paid holiday days per year.
Salary Range: $80K -- $150K
Minimum Qualification: Business Intelligence & Analytics, IT Security
Estimated Salary: $20 to $28 per hour based on qualifications.
