ISA designs, implements, and monitors Information Security solutions. The ISA is responsible for detecting threats and vulnerabilities in target systems, networks, and applications by conducting systems, network and web vulnerability assessment / security testing and security monitoring. The ISA role is a 24/7 on-call position. This role also works in scheduled shifts Monday through Friday.
- Monitor Service Now for tickets created by the VSOC
- Perform investigations using various Monitoring Security technologies (i.e. SIEM, EDR, IDS/IPS, DLP, NAC, FIM, SEG, etc.)
- Perform initial triage of incoming ServiceNow tickets created by the VSOC (initially assessing the priority of the event, initial determination of event to determine risk and damage or appropriate routing of security or privacy data request)
- Review and take a proactive approach to false positive alerts and work with the various Security teams to tune and provide feedback to improve accuracy of the alerts.
- Document, investigate and Notify appropriate contact for security events
- Takes an active part in the resolution of events, even after they are escalated
- Must participate in an on-call roster
- Must participate in a scheduled shift rotation, and be able to be in the office
- Collaborate with technical teams for security incident remediation and communication
- Conducts proof of concepts, vendor comparisons and recommend solutions in line with business requirements
- Conducts security research on threats and remediation methods
- Contributes to strategic planning to evaluate, deploy or update security technologies
- Creates process improvement by identifying inefficiencies and solutions for process improvements
- Follows a standard methodology to identify and/or detect threats to the IT infrastructure, applications and other information assets
- Prepares system security reports by collecting, analyzing, and summarizing data and trends; presents reporting for management review
- Promotes cross-department collaboration and communication to ensure appropriate processes, procedures and tools are installed, monitored, and effectively operating and alerting
- Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
- Bachelor's Degree; Computer Science or equivalent field., or equivalent work experience
- 4-8 years in field or similar industry
- Experience in information security, governance, IT audit, or risk management
- Ability to communicate concisely, effectively and directly to executive management
- Ability to work cooperatively in a team environment
- Advanced knowledge of Microsoft Office (Outlook, Word; Excel) and PowerPoint
- Exceptional organizational skills and attention to detail. Ability to work cooperatively in a team environment
- Experience planning, researching and developing security strategies, standards, and procedures
- Knowledge of risk assessment tools, technologies, and methods
- Proven ability to understand and analyze complex issues, then apply experience and judgment to develop sound recommendations especially as related to malware, eDiscovery, current threats/attacks and/or vulnerability management
- Strong understanding of security, incident response and/or networking/PC concepts
- Ability to demonstrate understanding of Security investigations process and procedures
- Ability to demonstrate technical experience working with enterprise security technologies like SIEM, antivirus/malware, IDS, WAF, DDoS mitigation platforms.
- General network knowledge, TCP/IP, Internet Routing, UNIX / LINUX & Windows NT
- Understanding of common network services (web, mail, DNS, authentication)
- General Desktop OS and Server OS knowledge
- Demonstrate ability to work with an Incident Management Tool (RSA Archer, ServiceNow).
- Demonstrate excellent communication and organizational skills.
- Demonstrate experience in windows/Unix scripting languages such as bash, python, regex and power shell.
Preferred Training, Qualifications, and Certifications
- CEH: Certified Ethical Hacker
- SEC401: Security Essentials
- SEC511: Continuous Monitoring and Security Operation
- GCIA: GIAC Certified Intrusion Analyst
- GCIH: GIAC Certified Incident Handler