Position Summary:
The Analyst for Cyber Security role will leverage advanced skills to counter the activities of cyber criminals such as hackers and developers of malicious software. It is widely accepted that the threats in cyber space are growing faster than our ability to mitigate them. This position will focus on identifying internal and external cyber threats along with the appropriate defenses and compensating controls to help protect the security of our organization.
Position Responsibilities may include, but are not limited to:
Conduct Cyber Security threat analysis.
Correlate alerts and events from diverse sources.
Work with IT to maintain the existing Log Sources in a healthy state and add/remove sources to ensure Cyber Security has accurate visibility over the environment.
Follow playbooks and runbooks to respond and escalate incidents to the Incident Response team when needed.
Provide feedback to improve playbooks and runbooks after investigations.
Use various platforms and other proprietary tools to identify the scope and severity of each Security Incident escalated from SOC Tier 1.
Collaborate with SOC leadership to suggest updates for the incident response plan and procedures as well as SOC playbooks.
Provide support, maintenance, and development of the Security Information and Event Management (SIEM) platform.
Propose new rules and tuning opportunities for the existing rules based on findings after investigations in order to increase efficiency and reduce false positives.
Follow industry best practices for SOC/SIEM Cyber Security operations such as MITRE ATT&CK and NIST Cybersecurity Framework (CSF).
Evaluate, report on, and make recommendations regarding the effectiveness of the organization's Cyber Security controls. Assess the need for any security reconfigurations (minor or significant) within enterprise technologies such as networks, Active Directory, database platforms, and general security processes; build consensus for remediation adoption; and facilitate execution.
Work with RH Security and IT teams to improve and expand the value that we are delivering.
Any other duties as assigned.
Required Skills and Experience:
Bachelor's Degree in Engineering, Computer Science, or other IT-related field and 1+ years of experience working in a proactive hunting and analysis role, OR a High School Diploma and 4+ years of the above-stated experience in lieu of a Bachelor's degree.
Knowledge of security event monitoring, analysis, and triage.
Understanding of security principles such as attack frameworks, threat landscapes, attacker TTPs, etc.
Knowledge of network communications, routing protocols, regulatory standards and compliance requirements, and common internet applications/standards.
Must possess a willingness to learn, a positive attitude, ambition, high energy, and self-motivation.
Strong collaboration skills - able to work in a team-oriented collaborative environment. Excellent verbal and written communication skills to interface with managers, staff, customers, and vendors at all levels within the company.
Ability to effectively prioritize and execute tasks in a high-pressure environment.
Strong problem-solving skills - applied skills in critical thinking and analysis, meeting facilitation (communications), and interpersonal interactions (collaboration).
Strong process and design documentation skills.
Hands-on knowledge of PCs, servers, firewalls, TCP/IP & protocols, network admin tools, intrusion detection systems, anti-virus software, Active Directory, data encryption, and other industry-standard techniques and practices.
Working technical knowledge of current systems software, protocols, procedures, and standards.
Travel - Occasional, based on issues, system requirements, training, etc.
This position must pass a post-offer background and drug test.
Preferred Skills and Experience:
Technical understanding of, and disk and/or memory forensics capabilities on, Windows, macOS, and Linux operating systems.
Technical understanding of, and forensics capability utilizing, network data and PCAPs.
Working knowledge of the incident response and cyber threat intelligence life cycles.
Hands-on experience with EDR solutions.
Hands-on experience with log analysis and SIEM.
Hands-on experience with detection engineering.
Hands-on experience with malware analysis.
Physical Demands and Work Environment:
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Due to the nature of our business in regard to such things as delivery schedules, order inputs, selection, and Department of Transportation Hours of Service, overtime, attendance and punctuality are essential job functions. Should an individual in this classification not be able to adhere to this requirement due to a disability, they should contact their Human Resources department to see what, if any, reasonable accommodation may be made.