Senior Threat Analyst

October 8


Optiv

Security Program Strategy • Enterprise Risk and Compliance • Threat and Vulnerability Management • Security Architecture and Implementation • Security Education and Awareness

1001 - 5000

💰 Venture Round on 2017-01

Description

• This position will be fully remote and can be hired anywhere in the continental U.S.
• The Sr. Threat Analyst will provide deep-level analysis for client investigations utilizing customer-provided data sources, audit, and monitoring tools at both the government and enterprise level.
• The Sr. Threat Analyst will work closely with our Technology Engineers, Architects, and Threat Analysts to service customers.
• High-level professional writing experience regarding documenting and reporting on potential security incidents identified in customer environments, to include a timeline of events.
• Work with partners to maintain an understanding of security threats, vulnerabilities, and exploits that could impact systems, networks, and assets.
• Provide analysis on various security enforcement technologies including, but not limited to, SIEM, anti-virus, content filtering/reporting, malware prevention, firewalls, intrusion detection systems, web application firewalls, messaging security platforms, vulnerability scanners, etc.
• Perform knowledge transfers, document, and train clients regarding mitigation of identified threats.
• Provide ongoing recommendations to peers and customers on tuning and best practices.
• Actively research current threats and attack vectors being exploited in the wild.
• Actively work with analysts and perform investigations on escalations.
• Ability to discuss security posture with multiple clients and make recommendations to better their holistic security approach.
• Provide gap analysis for clients to better their security posture.
• Maintain and develop SOPs for the threat analyst team.
• Develop and maintain playbooks and runbooks.
• Work with internal teams to increase efficiency and effectiveness of security analysis provided by the threat analysis team.
• Training of new analysts on security and tools.
• Create and maintain a Content Catalog based on security essentials and the evolving threat landscape.
• Provide quality assurance (QA) review of security alerts handled by team members.

Requirements

• Four or more years of full-time professional experience in the Information Security field.
• Experience working in a Security Operations Center (SOC), Managed Security Service (MSS), or enterprise network environment as a point of escalation.
• Excellent time management, reporting, and communication skills, including customer interactions and executive presentations.
• Data analysis using SIEM, database tools, and Excel.
• Experience troubleshooting security devices and SIEM.
• Ability to create and maintain content within SIEM environments and make recommendations to clients to better their visibility.
• IDS monitoring/analysis with tools such as Sourcefire and Snort.
• Experience with SIEM platforms (QRadar, LogRhythm, McAfee/Nitro, ArcSight, Splunk) a plus.
• Direct (e.g., SQL injection) versus indirect (e.g., cross-site scripting) attacks.
• Experience with the following attacks: web-based attacks and the OWASP Top 10, network-based DoS, brute force, HTTP-based DoS, denial of service, network-based / system-based attacks.
• Familiarity with the SANS Top 20 Critical Security Controls.
• Understand the foundations of enterprise Windows security, including Active Directory, Windows security architecture and terminology, privilege escalation techniques, common mitigation controls, and system hardening.
• Anti-Virus (AV) and Host-Based Intrusion Prevention (HIPS).
• Experience in monitoring at least one commercial AV solution such as (but not limited to) McAfee/Intel, Symantec, Sophos, or Trend Micro.
• Ability to identify common false positives and make suggestions on tuning.
• Understanding of root causes of malware and proactive mitigation.
• Propagation of malware in enterprise environments.
• Familiarity with web-based exploit kits and the methods employed by web-based exploit kits.
• Familiarity with concepts associated with Advanced Persistent Threats and “targeted malware.”
• Experience and understanding of malware protection tools (FireEye) and controls in an enterprise environment.
• Covert channels, egress, and data exfiltration techniques.
• Familiarity with vulnerability scoring systems such as CVSS.
• Basic understanding of vulnerability assessment tools such as vulnerability scanners and exploitation frameworks.

Benefits

• A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
• Work/life balance.
• Professional training resources.
• Creative problem-solving and the ability to tackle unique, complex projects.
• Volunteer opportunities: “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
• The ability and technology necessary to productively work remotely/from home (where applicable).
