Security Incident Analyst II & III
Posted: November 17, 2009
Security Incident Analyst II & III (Two Separate Positions)
Location: Wilmington, DE
Length: 3 - 6 Months contract-to-hire
Security Incident Analyst III is similar to Security Incident Analyst II.
The IT Security Team is responsible for the implementation of controls and delivery of services ensuring appropriate logical and physical protection of information and other assets enterprise wide.
Job Summary:
The Security Monitoring Analyst II is responsible for reviewing alerts and events in order to identify attacks, failed attacks, pre-attack, and other anomalous activity of internal or external origination.
The Security Monitoring Analyst will analyze the security information management system, QRadar, as well as raw logs and data feeds from various devices, and alerts from other monitoring systems.
A Security Monitoring Analyst must have advanced security monitoring skills and an advanced understanding of log and event systems, network/host protocols, vulnerabilities and exploits, hacker methodology, and security incident prevention/mitigation techniques.
Essential Functions:
Reports directly to the Security Monitoring Team lead
Identify event patterns that need to be monitored and communicate them to the SIM, network and other teams needed to produce the required alerts and reports
Daily monitoring of alerts, events and reports necessary to identify current activity that is of concern
Perform research regarding activity to identify what is and is not an attack
Ensure proper alerts are established to enable the Command Center to react to and escalate activity 24x7
Work with the Command Center and other Security teams to establish response and escalation procedures for security monitoring events at Tier 1 and Tier 2
Document monitoring procedures
Provide periodic metrics as agreed with management
Ensure all appropriate security staff have the right tools and procedures available to quickly rule out "attack" during escalations
Monitoring of the network for security incidents, discovery of vulnerable systems, and taking actions to prevent or mitigate security incidents to contribute to overall IT availability, reliability, and the integrity objectives
Provide second Tier security monitoring and event/alert and incident evaluation and determination assistance on issues escalated by Tier I and/or Tier II
Mentor and help provide direction to Tier I & Tier II Monitoring.
Be able to determine and communicate the proper analysis to the identified resources of possible security incidents and vulnerabilities
Make recommendations for tuning host and network-based IDS/IPS and other security devices
Generate trouble tickets with supporting organizations (e.g. Help Desk or Network Security)
Report on daily activities and assigned task status using the Agile methodology
Experience & Qualifications: One or more years of previous experience in security event/alert monitoring. A more advanced understanding of host/network common vulnerabilities and exploits, hacker methodologies and tactics, and the tools used.
Technical skills and abilities: Basic security incident evidence gathering.
TCP/IP protocol suite, TCP/IP headers and packets, the OSI model, and commonly used TCP/UDP ports and associated services.
Common OS and domain structures (WindowsNT, 2000 Active Directory, etc.), servers, services, and associated vulnerabilities
Monitoring and the analysis of Firewall logs, router syslogs, and network/host-based Intrusion Detection/ Prevention systems (IDS/IPS).
Experience with the tuning of IDS/IPS, firewall ACLs and rule sets. Network engineering and local and wide area (LAN/WAN) technologies and topologies. An understanding of routing protocols, switching, etc.
Host platform vulnerability assessment and hardening standards and methodologies.
Linux, Red Hat, etc. hosts, operating systems, and applications.
Preferably IT Security/Information Assurance training through such sources as SANS, etc.
Please refer to job code 91903 when responding to this ad.