Security Monitoring Analyst job in Álvaro Obregón, Ciudad de México - Vacancy 104285 - MX

Posted more than 30 days ago.

Security Monitoring Analyst at OCDTECH

$50,000 to $60,000 MXN (gross)

Ciudad de México

Full-time employee

English: Intermediate level

Security Monitoring Analyst

Description

A Monitoring Analyst position is open in the Cyber Fusion Center (CFC) with a focus on monitoring indicators of attack and improving processes and procedures. The successful candidate for this role should have experience reviewing security events from multiple systems (Windows, Unix, routers, switches, and endpoints) and discerning between benign and potentially malicious events based on data classification, behavior, and context. This role emphasizes the review and triage of events and requires expertise in designing and implementing correlation searches to respond to changes in the environment and reduce false positives.

Job Responsibilities:

  • Review security events from multiple systems (Windows, Unix, routers, switches, and endpoints), mainly through Splunk, and determine which events are benign and which may be malicious based on data classification, behavior, and context.
  • Monitor and detect security events from the SIEM, log collection engines, and other security technologies such as Splunk and McAfee DLP.
  • Perform investigations using security platforms (IDS/IPS, DLP, etc.) to determine false positives or escalate.
  • Monitor health alerts and downstream dependencies.
  • Review false positives proactively and work with other teams to improve the accuracy of the alerts.
  • Document, investigate, and notify the appropriate contact for security events and response.
  • Collaborate with technical teams on security incident remediation and communication.
  • Conduct security research on threats and remediation methods.
  • Prepare system security reports by collecting, analyzing, and summarizing data and trends; present reporting for management review.
  • This role focuses heavily on the review and triage of events, but also requires knowing how to design and implement correlation searches to respond to changes in the environment and reduce false positives.

Must-Have Requirements:

  • 3-5 years of cybersecurity monitoring experience.
  • Experience with security tools such as SIEM, EDR/XDR, and McAfee.
  • Ability to independently analyze and triage security events and identify false positives.
  • Skills with Splunk searches and queries.
  • Splunk (SIEM) experience.
  • English (written and verbal).

Pluses:

  • Cloud security experience.

Benefits

  • 20 vacation days per year
  • Aguinaldo Superior
  • Grocery Vouchers
  • Learning Platform
  • Major and minor medical expenses insurance