The Information Security Analyst will participate in the development and implementation of security policies and procedures, and will leverage network monitoring, logging and Security Information and Event Management (SIEM) systems to produce alerts, audit data and reporting that detect suspicious activity. The analyst will analyze the resulting threat data to help the Information Security team determine the appropriate response.
- Responsible for understanding and providing appropriate surveillance for the critical cyber threats to Company’s Information Systems.
- Focus on implementing and improving technology and procedures related to vulnerability management, device hardening and cyber security incident response.
- Ability to quickly analyze data sets and identify patterns to uncover risky attributes and trends
- Ability to proactively tune systems to reduce false positives based on internal & external threat intelligence
- Ability to proactively mine event systems to identify emerging threats
- Ability to assist in the development of standard processes for closing security alerts based on the type of alert.
- Ability to initiate and execute the cyber security incident response process, including prioritization and ranking of escalated incidents
- Working knowledge of the cyber security incident response technologies including network logging and forensics, security information and event management tools, security analytics platforms, log search technologies, host-based forensics and case management system
- Ability to develop security baseline configurations for server and network infrastructure including scans for compliance
- Perform post mortem analysis on traffic flows and other activities to identify malicious activity
Skills & Experience Required
- Minimum 5 years of experience in information security or a related technology field is required; experience in the securities or financial services industry is preferred.
- Strong knowledge of technology and security controls related to the detection, analysis, containment, eradication and recovery from cyber security incidents.
- Uses ArcSight ESM in daily operational work and manages the workflow of events to the appropriate business unit or corporate group.
- Execute tasks or lead small projects as needed.
- Communicate and interact directly with other staff to ensure optimal individual and group performance.
- Familiarity with Windows operating system and associated vulnerabilities with advanced knowledge of Linux operating systems is helpful.
- Strong verbal and written communication skills, with experience in documentation and familiarity with Standard Operating Procedures and other formal procedures.
- Server and network device security hardening (routers, switches, firewalls); experience with virtual environments is a plus.
- CISSP, CISA, other security certifications a plus.
- Technical writing experience with management level reports