ID: #17507935
Job type: Permanent
Salary: TBD
Source: COX Enterprises
Date: 2021-07-29
Deadline: 2021-09-27
Threat Detection & Response (TDR) Analyst
Atlanta, Georgia 30301, USA (Permanent)
Vacancy expired!
- Perform monitoring of Cox networks, systems, and information assets for security events to promptly detect cyber incidents and mitigate their impact to the organization.
- Detect and respond to workstation, server and network incidents using SIEM, behavioral analytics, and network analysis.
- Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify potential threats to network security.
- Document and escalate cyber incidents that may cause ongoing and immediate impact to the environment.
- Respond in a consistent and well-organized manner to help mitigate the impact of cybersecurity incidents on the Cox environment.
- Update scenario-based procedures, classifications, techniques and guidance as required.
- Perform incident triage, including assessment of scope, urgency and potential impact, and make recommendations that enable expeditious remediation.
- Track and document cybersecurity incidents from detection through resolution.
- Stay abreast of the latest trends in threat intelligence, security monitoring and incident response.
- Collect intelligence data from relevant sources including subscription and open-source feeds.
- Monitor and report changes in threat dispositions, activities, tactics, capabilities and objectives as they relate to designated cyber operations warning problem sets.
- Operate within a proactive threat intelligence and active defense program to collect and analyze threat intelligence data and incorporate it into decision-making at both the operational and strategic levels, as needed.
- Two or more years of technical experience in the Information Security field
- Experience writing, reviewing and editing cyber-related intelligence/assessment products from multiple sources
- Experience triaging security events using a variety of tools, including QRadar, in a security operations environment.
- Experience with packet flow, TCP/UDP traffic, firewall technologies, IDS technologies (e.g., Snort rules), proxy technologies, and antivirus, spam and spyware solutions.
- Experience conducting incident response activities and seeing incidents through to successful remediation.
- Experience with a programming/scripting language such as Python, Perl or similar.
- Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.
- Deep knowledge of computer networking concepts and protocols, and network security methodologies.
- Deep knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
- Strong understanding of network traffic analysis methods including packet-level analysis.
- Deep knowledge of network security architecture concepts including topology, protocols, components, and principles.
- Strong understanding of malware analysis concepts and methodologies.
- Solid ability to employ incident handling methodologies.
- Deep knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Strong process execution, time management and organizational skills.
- Strong work ethic, leadership skills, initiative and ownership of work.
- Solid ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- High proficiency with common cybersecurity management frameworks, regulatory requirements and industry leading practices.
- At least one of the following certifications is required, or must be obtained within your first 12 months of employment: CISSP or CEH. The following SANS certifications are preferred but not required: GCIH, GCFE, GCFA, GREM, GPEN, GWAPT, GXPN.
- BS in Computer Science, Information Systems, Engineering, etc.
- Experience with endpoint security agents (Carbon Black, CrowdStrike, etc.)
- Experience with network forensics and associated toolsets (Suricata, Wireshark, PCAP, tcpdump, etc.) and analysis techniques.
- Experience with host-based detection and prevention suites (Microsoft SCEP, OSSEC, etc.)
- Understanding of log collection and aggregation techniques: Elasticsearch, Logstash, Kibana (ELK), syslog-ng, Windows Event Forwarding (WEF), etc.