Security Monitoring Analyst

Posted: November 20, 2009
Job Summary: The Security Monitoring Analyst II is responsible for reviewing alerts and events in order to identify attacks, failed attacks, pre-attack activity, and other anomalous activity of internal or external origin. The Security Monitoring Analyst II will analyze the security information management system, QRadar, as well as raw logs and data feeds from various devices, and alerts from other monitoring systems. As a second-tier analyst, the Security Monitoring Analyst II must have advanced security monitoring skills and an advanced understanding of log and event systems, network/host protocols, vulnerabilities and exploits, hacker methodology, and security incident prevention/mitigation techniques.

Essential Functions:

- Reports directly to the Security Monitoring Team lead
- Identify event patterns that need to be monitored and communicate them to the SIM, network and other teams needed to produce the required alerts and reports
- Daily monitoring of alerts, events and reports necessary to identify current activity that is of concern
- Perform research regarding activity to identify what is and is not an attack
- Ensure proper alerts are established to enable the Command Center to react to and escalate activity 24x7
- Work with the Command Center and other Security teams to establish response and escalation procedures for security monitoring events at Tier 1 and Tier 2
- Document monitoring procedures
- Provide periodic metrics as agreed with management
- Ensure all appropriate security staff have the right tools and procedures available to quickly rule out an attack during escalations
- Monitor the network for security incidents, discover vulnerable systems, and take actions to prevent or mitigate security incidents, contributing to overall IT availability, reliability, and integrity objectives
- Provide second-tier security monitoring and event/alert and incident evaluation and determination assistance on issues escalated by Tier I
- Mentor and help provide direction to Tier I Monitoring
- Be able to determine and communicate the proper analysis of possible security incidents and vulnerabilities to the identified resources
- Make recommendations for tuning host- and network-based IDS/IPS and other security devices
- Generate trouble tickets with supporting organizations (e.g. Help Desk or Network Security)
- Report on daily activities and assigned task status using the Agile methodology
- Other duties as assigned

Experience & Qualifications:

- One or more years of previous experience in security event/alert monitoring
- A more advanced understanding of common host/network vulnerabilities and exploits, hacker methodologies and tactics, and the tools used
Technical skills and abilities:

- Basic security incident evidence gathering
- TCP/IP protocol suite, TCP/IP headers and packets, the OSI model, and commonly used TCP/UDP ports and associated services
- Common OS and domain structures (Windows NT, 2000 Active Directory, etc.), servers, services, and associated vulnerabilities
- Monitoring and analysis of firewall logs, router syslogs, and network/host-based Intrusion Detection/Prevention Systems (IDS/IPS)
- Experience with the tuning of IDS/IPS, firewall ACLs and rule sets
- Network engineering and local and wide area network (LAN/WAN) technologies and topologies
- An understanding of routing protocols, switching, etc.
- Host platform vulnerability assessment and hardening standards and methodologies
- Linux, Red Hat, etc. hosts, operating systems, and applications
- Preferably IT Security/Information Assurance training through sources such as SANS
| Field | Value |
|---|---|
| Category | Information Technology |
| Location | Wilmington, DE |
| County | New Castle County |
| ZIP Code | 19801 |
| Pay Rate | Open |
| Job Terms | contract-to-hire |
| Company | PSCI |
| Phone | email only |
| Fax | email only |