Analyze, document and report on potential security incidents identified in customer environments Work with partners to maintain an understanding of security threats, vulnerabilities, and exploits that could impact systems, networks, and assets
Provide triage on various security enforcement technologies including, but not limited to SIEM, anti-virus, content filtering/reporting, malware prevention, firewalls, intrusion detection systems, web application firewalls, messaging security platforms, vulnerability scanners etc.
Perform knowledge transfers, document, and triage client’s issues regarding mitigation of identified threats
Provide ongoing recommendations customers on best practices
Actively research current threats and attack vectors being exploited in the wild
Utilize defined SOP’s and KB’s
Shift flexibility, including the ability to provide on call support when needed.
2-3+ years full-time professional experience in the Information Security field
2 or more years investigating and or troubleshooting enterprise level networks and systems
Excellent time management, reporting, communication skills, and ability to prioritize work
Ability to generate comprehensive written reports and recommendations
Write professional emails
Previous experience as a point of escalation in a technical environment
Customer interactions and working through various issues
Base knowledge of contemporary security architectures/devices such as firewalls, routers, switches, load balancers, remote access technologies, anti-malware, SIEM, and AV
Ability to work customer’s environments to report on critical security events
Ability to troubleshoot technical problems and ask probing questions to find the root cause or a problem
Queue management
Data analysis using SIEM, Database tools such as Elastic, and Excel
Experience troubleshooting security, network, and or endpoints
IDS monitoring/analysis with tools such as Sourcefire and Snort
Experience with SIEM platforms preferred (QRadar, LogRhythm, Exabeam, Securonix, and Splunk)
Familiarity with web-based attacks and the OWASP Top 10 at a minimum
Attack vectors and exploitation
Mitigation
Direct (E.g. SQL Injection) versus indirect (E.g. cross-site scripting) attacks
Familiarity with SANS top 20 critical security controls
Understand the foundations of enterprise Windows security including:
Active Directory
Windows security architecture and terminology
Common system hardening best practices
Anti-Virus (AV) and Host Based Intrusion Prevention (HIPS)
Experience in monitoring at least one commercial AV solution such as (but not limited to) Carbon Black, CrowdStrike, McAfee/Intel, Symantec, Sophos or Trend Micro
Ability to identify common false positives and make suggestions on tuning
Malware
Understanding of base malware propagation and attack vectors
Propagation of malware in enterprise environments
Experience with malware protection tools such as FireEye a plus.
Understanding of malware mitigation controls in an enterprise environment.
Network Based Attacks / System Based Attacks
Denial of Service Attacks
Brute force attacks
Familiarity with vulnerability scoring systems such as CVSS
Basic understanding of vulnerability assessment tools such as vulnerability scanners and exploitation frameworks
Experience working with Incident Ticketing Systems (i.e. ServiceNow, Remedy, RemedyForce, Heat, etc.).
General security knowledge (GCIA, CISSP, CCSE, CISA, HBSS, NSA, CEH, Cisco Security, Security +, OSCP or other security certifications).
CCNA, CCDA, CCSA, CCIE, CISSP, CEH