Proactively monitor the environment to detect and implement steps to mitigate cyber-attacks before they occur.
Provide technical expertise regarding security-related concepts to operational teams within the Information Technology Department and the business.
Review, investigate, and respond to real-time alerts within the environment.
Review real-time and historical reports for security and/or compliance violations.
Monitor online security-related resources for new and emerging cyber threats.
Assess new security technologies to determine potential value for the enterprise.
Conduct vulnerability assessments of firm systems and networks.
Manage systems owned by the Information Security Team.
Perform daily system monitoring and review of log data on the SIEM: build searches, check for alarms, drill down through log sources, and identify event logs, events, and alerts.
Check suspicious attachments or emails reported by employees.
Check and resolve basic antivirus alerts.
Develop and maintain installation and configuration procedures.
Requirements
A four-year college degree or equivalent industry training and certifications.
Three to six years of experience in a security analyst or related position.
Technical knowledge of enterprise-class technologies such as firewalls, routers, switches, wireless access points, VPNs, and desktop and server operating systems.
Thorough understanding of Microsoft’s enterprise technology platform, including Active Directory, SQL, and the Windows server and desktop operating systems.
Proficiency with Windows PowerShell and Python is a plus.
Strong writing skills, as well as the ability to articulate security-related concepts to a broad range of technical and non-technical staff.
Working experience with creating, implementing, and managing a threat hunting program within a corporate environment.
Proficient problem-solver able to work autonomously.
Customer-facing platform implementation experience, including use case development, assessment, planning, execution, and operations.
Sound technical knowledge in SIEM platform components and applications.
Experience with tools and technologies such as SIEM, UEBA, NTA, EDR, AV/AM, and SOAR.
Desired Qualifications
One or more of the following certifications: CEH, CISM, CompTIA Security+, CISSP, GSEC.
Experience with managing and securing both on-premise and hosted systems and applications.