Security Operations Center Analyst - Global Managed Security Services (GMSS) team. This role proactively monitors the IT infrastructure for security incidents and participates in security incident investigation and resolution for security service offerings, including Cloud Computing (automated virtualization technologies). The successful candidate for this position is a highly motivated individual with a good IT security background who excels at operating and deploying security technology and interacting with clients. The successful candidate is a self-starter who works effectively with minimal supervision in a highly dynamic environment.
Key responsibilities:
• Detection, monitoring, analysis and resolution of security incidents; participate in providing containment recommendations
• Coordinate escalations to internal support teams to ensure timely delivery of incident resolutions
• Perform network/system/application/log intrusion detection analysis and trending
• Perform tuning of the SIEM filters and correlations to continuously improve monitoring
• Participate in the security incident handling efforts in response to a detected incident, and coordinate with other stakeholders
• Ensure that Service Level Agreements are met
• Maintain standard operating procedures, processes and guidelines
• Automate security analysis, administration and remediation procedures, workflows and tasks
• Maintain awareness of trends in security regulatory, technology, and operational requirements
• Participate in client audits
• Shift rotation will be required for this role.
Education or Experience:
• Graduation with a degree from a recognized university with specialization in Computer Sciences or a related discipline, combined with a minimum of three (1) years of directly related practical experience and demonstrated ability to carry out the functions of the job.
OR
• Completion of two years of an acceptable post-secondary educational program in Computer Sciences from a recognized community college, or in a related discipline, combined with a minimum of four (2) years of directly related practical experience and demonstrated ability to carry out the functions of the job.
OR
• Minimum of four (4) years of directly related practical experience within the last eight years, and demonstrated ability to carry out the functions of the job.

Required:
• Keen interest in actively participating in SOC expansion
• Experience working in an IT Security Operations Centre, using SANS methodology
• Experience and extensive knowledge of Security Information and Event Management (SIEM)
• Experience in Intrusion Detection or Prevention Systems
• Knowledge of: TCP/IP, computer networking, routing and switching
• Experience in Linux/UNIX and Windows based devices at the System Administrator level
• System log forensics (Syslog, Event Viewer)
• Strong troubleshooting, reasoning and problem solving skills
• Team player, excellent communication skills, good time management
• Organizational skills and the ability to work autonomously with attention to processes
• Ability to speak and communicate effectively with peers, management and clients
• Ability and experience in writing clear and concise technical documentation
• Ability to speak and write fluently

Desirable:
• SIEM experience with ArcSight
• Experience in security penetration testing
• Experience using ticketing systems such as Remedy
• Security certifications: SANS/GIAC (GCIH, GCIA or GCUX), CCNA, CISSP, or CISA certifications would be assets
• US Federal Government security clearance (Public Trust), or the ability to become cleared
• Knowledge of application security including web applications, web services, XML, SOA, AJAX, JSON, and web scanning tools
• Knowledge of: Strong Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) solutions
• Knowledge of NIST, PCI, HIPAA