Our client has a long term hybrid position to provide operational Information Security support in an enterprise environment.
*** Must be local, W2 only
This candidate will have 3 to 8 years of operational and engineering experience with information security operational work and analysis.
Candidate will work in a hybrid environment with holidays and paid time off.
Must have extensive experience in security policies & procedures, and protocols.
location: Edison, New Jersey
job type: Contract
salary: $40 - 70 per hour
work hours: 8am to 5pm
education: Bachelors
responsibilities:
Develop, implement, and refine security monitoring use cases in Splunk and other SIEM tools to enhance threat detection capabilities.
Monitor and respond to security alerts from various detection systems (e.g., EDR, network anomaly detection, identity protection).
Create and maintain response templates for identified security incidents and "red flags."
Identity & Account Governance:
Proactively identify and remediate expired or overdue passwords within our identity systems.
Perform regular Active Directory health checks and cleanup activities, including identifying and disabling stale user and computer accounts.
Access & Privilege Management:
Identify and remediate local administrative privileges on workstations and servers, implementing least privilege principles.
Address duplicated credentials within Azure Active Directory to enhance security.
Security Monitoring & Analysis:
Contribute to the development and refinement of security monitoring and detection capabilities within Splunk and other platforms.
Assist in the investigation and response to security alerts from various sources (e.g., Threat Command, Canary, ExtraHop, CrowdStrike Identity).
Vulnerability Management:
Assist in identifying and addressing outdated applications that pose security risks.
Research and analyze threat intelligence to identify applicable vulnerabilities and emerging attack vectors.
Utilize tools like BloodHound and PingCastle to identify and remediate Active Directory security weaknesses.
Identify and manage the remediation of outdated or vulnerable applications across the enterprise.
qualifications:
- Strong written and verbal communication skills
- Undergraduate degree (BS) in technology related field, e.g., computer science, EMIS, systems engineering, electrical engineering
- Self-starter with exceptional follow-through and time management skills
- 1-3 years of relevant Information Security Experience, 4+ years is a plus
- Experience with On-Premise and AWS hosting environments
- Understanding of security principles and network communication models and corresponding protocols
- Familiar with ServiceNow and system of record/workforce management tool
- Alert management experience
- Accountable for conducting phishing analysis, web proxies, endpoint detection and response, database monitoring
- Accountable for conducting security analysis or audits
- Possess high-level knowledge of assessment of Active Directory Security Group lifecycle management
- Experience in conducting industry and/or third party threat intelligence for integration into our client's environment
- Network operational knowledge and experience is required
- Demonstrated ability to create information security runbooks, knowledge management, and other process documentation; in support of daily, weekly, monthly, and quarterly reporting cadences
- Ability to adapt to the use of new tools and approaches to address continuously emerging information security threats.
- Ability to resolve incidents using critical thinking
Security skills and tools: Carbon Black, Imperva, Varonis, Tripwire, Forescout, Symantec Cloud Access Security Broker (CASB), SecureMail, Symantec WebPulse, VMRay, Symantec Web Security Service
Desired Security Certificates: Security+ from CompTIA, GIAC Security Essentials (GSEC), Certified Ethical Hacker (CEH), or other related Information Security certificates
Desired Skills & Experience:
- ITIL-based training, experience, or certifications on SIEM are a plus
- Network firewall knowledge is a plus
- Familiarity with Oracle databases is a plus
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact
Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).
This posting is open for thirty (30) days.