Cyber Intrusion Analyst

Responsibilities

• Operates and monitors network intrusion detection and prevention sensors and other information security monitoring infrastructure.
• Collects, assesses, and reports upon relevant threat intelligence / actionable security information and appropriately modifies tactical operations.
• Performs analysis and response to Tier I security relevant alerts and events.
• Assesses network traffic patterns and session data for indicators of malicious activity with assistance.
• Plays a strong supporting role in prompt and effective response to information security incidents.
• Performs operational assessment, prioritization, and remediation of enterprise vulnerabilities and exposures.
• Generates, edits, and delivers reports derived from security tools and Security Operations activities.
• Support of forensic investigations and penetration testing activity.
• Supports the automation and improvement of the overall cloud security posture at Asurion.
• Assists with executing remediation plans for any gaps reported in audits or recommended process improvements that effect core information security services.
• Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining professional networks; participating in professional organizations.
• Performs other related duties as assigned.

• BA or BS in Computer Science, Management Information Systems, or related field desirable, practical experience plus education and certifications may be considered.
• MS in Computer Science, Information Systems, or a related field, desired.
• One or more years of progressive experience in computing and information security, including experience with Internet technology, security technology, issue resolution and leading teams in a cross functional, global setting.
• GSEC, GCIA, GCIH, GCFA, or other security related certifications desired.
• Basic understanding of core network protocols (TCP/IP, ICMP, DHCP, DNS, etc)
• Familiarity needed with several key security technologies: SEIM Tools (Splunk, Arc Sight, Log Logic), Network Intrusion Detection / Prevention Tools (Tipping Point, Source Fire, Snort, CheckPoint IPS blades, Net Witness, MIR) DLP packages (Symantec Vontu), Host IDS, AV & endpoint management, network anti-malware (Fire Eye, Palo Alto), Forensic tools (EnCase, FTK, etc).
• Familiarity with common OOP languages desirable (Python, Java, C#, etc.)
• Strong analytical and problem solving skills are necessary.
• The ability to operate under ambiguous circumstances, address uncomfortable issues and leverage data to make informed decisions.
• Excellent communication (oral, written, presentation), interpersonal and consultative skills are required.