This job was posted by https://illinoisjoblink.illinois.gov : For more
information, please see:
https://illinoisjoblink.illinois.gov/jobs/12635356 Job Description
Job Purpose:
Part of the Logicalis Managed Security team, the Security Senior Analyst
role is responsible for managing services for Managed Security Service
customers. The Security Specialist has the remit of assessing,
discovering and directing remediation of security threats &
vulnerabilities within client environments whilst working as part of a
managed security team on various cyber security projects
and tasks.
This role involves working at all levels with Solution Architects,
Development Operations, Engineers, SOC Analysts, clients and other
stakeholders in building and managing security architecture and systems
which are kept up-to-date and relevant in the rapidly evolving Managed
Security Services industry.
This is a senior technical role and the role holder is expected to
provide 3rd and 4th line support for the current service platforms and
services as well as supporting, mentoring and coaching colleagues. In
addition, there will be a requirement to liaise with channel partners
and vendors..
Key Accountabilities:
- Handle internal and client escalations by engaging with key
stakeholders
- Follow & oversee that the team follows published SOC policies and
procedures
- Be a subject matter expert across Managed Security Service and be
able to clearly articulate deliverables, limitations, feasibility,
etc.
- Thorough experience of the configuration, tuning and maintenance of
SOC tools to improve detection capability and building re-usable
visualisations / dashboards for security alert triage, threat
hunting and similar use cases, etc.
- Develop Standard Operating Procedures (SOPs) and use cases for
monitoring and handling different types of security events
- Threat intelligence gathering to ensure that detection methods are
effective against current threats
- Hunt for suspicious activity based on anomalous activity.
- Handling events as part of the Security Incident Management Process
- Work with both internal and external partners to investigate and
advise on security incidents and anomalies
- Prepare detailed reports, providing information on findings, status
and progress of investigations, as well as vulnerability and risk
factors
- Serve as the senior technical escalation point and mentor for
colleagues.
- Produce incident response playbooks to drive a consistent approach
to handling common incidents and improve operational processes.
- Analysing structured security log data through the creation of
aggregated / correlated reports or visualisations.
- Identify and implement opportunities for innovative and continuous
improvement
- Lead on customer incident response investigations and containment of
threats, advising on remediation
- Participate in the Security Operations Centre on-call rotation
Skills and Attributes for Success
- Excellent technical skills, knowledge and understanding of the
Logicalis Managed Security Services portfolio, IT Applications,
Networking and infrastructure
- Demonstrable ability to think beyond the immediate situation and use
critical thinking, context and judgment in the analysis of complex
data sets and events. Actions will vary but most often will require
development of a course of action or response to identified threats
- Ability to work under pressure including crisis situations while
maintaining a high degree of attention to detail
- Experience responding to customer requests including senior
management and executives
- Ability to quickly learn and adapt to new technologies and processes
in a rapidly changing environment
- Excellent written and oral communication skills
- Self-mo ivated to improve knowledge and skills
- People orientated
- Goal and outcome focused
- Clear communicator
- Positive \"can-do\" attitude
- An example of integrity
- A mind-set of continual service improvement
- Excellent inter-personal skills
Qualifications & Experience
Must meet or be eligible to obtain U.S. Government Security Clearance
Typically 5+ years experience in IT Security including security
operations and being a Sr/lead analyst in a SOC/MSSP or mature internal
team
Analysing & reviewing security logs from a range of sources, including
SIEM - ideally Microsoft Sentinel, Splunk (Arcsight/Qradar/Logrhythm
etc), IPS/IDS, Endpoint Security (e.g. Carbon Black); Windows Eventlog
Threat Intelligence - in the context of using it in a Security
Operations environment
Securing services migrated to cloud platform (AWS/AZURE etc) preferred
Industry recognised certifications such as: SANS GIAC GCIA, GCIH, GCFA,
GNFA, GCTI, GREM or CEH, CISSP etc
A related professional certification, for example; CISSP, CISM, CISA
Solid IT and/or techno
