Sr. Cyber Security Analyst

Job Description

In this role, you will be part of a team that is responsible for analysis of cyber threats that could impact company resources.

The Sr. IR (Incident Response) Analyst will establish operating procedures to detect & respond to cyber incidents from external threats as an integral part of a Cyber Security Operations Center (CSOC). The Sr. IR Analyst will lead a team providing strategic and lifecycle direction. He/She will be the senior most escalation point for IR related events. This person must be a self-starter with the ability to research and solve problems independently but must also able to collaborate in a dynamic team environment. Leadership, Technical and Mentoring skills are crucial.

• Establish processes for analysts who conduct security monitoring, triage and analysis, handle incoming notifications from NetApp personnel, and conduct notifications.
• Handle escalations related to advanced persistent threat or forensic events.
• Interface with executive and corporate management.
• Continually research the current threat landscape and tactics as they apply to team and adjust accordingly.
• Advise management on the effectiveness execute modifications where appropriate.

• Advanced understanding of network communications (TCP/IP networks, Web Protocols, Identity & Cloud)
• Advanced understanding of IT security principles
• Ability to work with a globally distributed team
• Strong oral and written communication skills
• The ability to travel as needed to support the corporate objectives.
• Ability to work some late hours or weekends as the role requires.
• Previous operational experience in a CSIRT, CIRT, SOC, or CERT, Security Incident Management – analysis, detection and handling of security events.
• Expert understanding of tactics used by APT, Cyber Crime and other associated threat group
• Advanced understanding of multiple operating systems such as Linux, Solaris, BSD, or Windows
• Advanced understanding of intrusion detection systems (e.g. Snort, Suricata) and tools (e.g. tcpdump, Wireshark)
• Advanced comprehension of how attacks exploit operating systems and protocols
• Must understand how to analyze network traffic for suspicious and malicious activity
• Hands-on experience with other security technologies:
o Next-Gen Intrusion Detection Systems – FireEye, Damballa, or Palo Alto WildFire
o Security Information & Event Management (SIEM) – ArcSight, Splunk, QRadar, etc
o Packet capture technologies – NetWitness, Solera, Moloch, or at a minimum, WireShark or tcpdump
• Scripting experience with one or more of the following: PERL, Bash, PowerShell, Python
• Ability to write technical documentation and present technical briefings to varying audiences

• 5+ years of information security experience is required; At least 3 years of experience in security monitoring, digital forensic analysis, penetration testing, or incident response is preferred.
• A Bachelor of Arts or Sciences Degree is required; or equivalent experience.
• Leadership or Management experience