Logo
Crossfire Consulting

Hybrid IT Security Operations Analyst

Crossfire Consulting, New York, New York, us, 10261


Job Description: *PLEASE NOTE THIS POSITION WILL ALLOW CONSULTANT TO WORK REMOTELY. HOWEVER, DUTIES WILL REQUIRE CONSULTANT TO WORK ONSITE 3 DAYS PER WEEK. THEREFORE, WILL BE CRITICAL FOR THE CONSULTANT TO BE LOCAL TO NYC AND ABLE TO TRAVEL TO OUR OFFICE WITHOUT ISSUE, AS NEEDED (AT THEIR OWN EXPENSE).

One of 3 shifts a day in a 24/7 operation (*consultant needs to be flexible enough to fill any of the 3 shifts as needed):Shift 1 = 12am - 8:30amShift 2 = 8am - 4:30pmShift 3 = 3:30pm - 12am

SUMMARY OF THE FUNCTION/ROLE:The IT Cyber Security Operations Monitoring Team is seeking consultants to perform Tier 2 SOC follow-up and remediation activity on escalated incidents. The Tier 2 level Analyst (Senior Analyst) should have the ability to respond to a wide range of escalated Incidents and follow through with incident lifecycle through completion. Some of the areas we are looking for candidates to have experience in include but are not limited to:

Critical Key requirements:• Critical Thinker & Analytical Aptitude• SIEM Experience (Splunk)• Tier II SOC Incident Handling & Investigation• 24/7 Security Operation Center Experience• Threat Detection & Response Experience• Threat Detection Technologies Experience

RESPONSIBILITIES:a. SIEM: The ability to conduct correlated searches and analysis utilizing a Security Incident & Event Management system.b. Network: The ability to Analyze and dissect packets and validate threat signaturesc. Endpoint: Ability to perform basic static forensic analysis of Systems and Filesd. Email: Demonstrated ability to analyze email attributes such as Headers, and the ability to apply appropriate countermeasures to enhance email defensee. Cloud: The ability to analyze anomalous detected traffic based on defined attack policies, ability to validate the treat and then determine remediation steps and present findings)f. User & Entity Behavior Analytics: demonstrated capability to recognize and respond to various anomalous patterns of User's and Entity's activity to detect malicious intent.g. Web Application: familiarity with various types of code-based attacks and the ability to detect and respond to themh. Data Loss Prevention: Demonstrated capability to analyze DLP events and the ability to detect Data ex-filtration through covert channels.i. Document As-Is and To-Be playbooks for existing and future processes.j. Coordinate and facilitate meetings such as process reviews, requirements, and various status reports

RISKS (required by *** Risk Management):• All work when On *** premises will be desk work only performed within the Cyber Security Operation Center (CSOC) Environment.

QUALIFICATIONS EXPERIENCE & EDUCATION:• Knowledge of Enterprise Networks & Security infrastructure, Communication and internet security systems, Firewalls, Intrusion Protection Systems, Remote Access VPN, Proxy, Wireless Security, NAC, Enterprise ID Management systems, Database, computer systems, security event analysis and forensic investigations.• Organizational, decision making, and communications skills.• Knowledge of network security operations with a solid understanding of the technology and attention to detail.• Creative problem-solving abilities, coupled with a desire to take on responsibility.• Strong team player with the ability to engage and promote a cohesive unit.• Ability to handle multiple tasks in a fast-paced environment and prioritize highly varied work in order to maintain required productivity levels.• Ability to communicate technical' info and ideas so others will understand.• Ability to make appropriate decisions considering the relative costs and benefits of potential actions.• Ability to apply collaborative skills and traits that create solutions and results to unexpected situations.• Bachelor's degree in Computer Science, Cyber Security, Information Technology or related discipline OR a satisfactory equivalent with 4-6 years of Information Technology experience.

Additional Skills and Information: Security Event Monitoring, Network Event monitoring, Email Header Analysis, Packet Capture inspection, Malware Triage & Analysis, SIEM (Splunk) & TIP Experience