About this role
The Analyst will provide intrusion/incident monitoring and detection utilizing customer provided data sources, audit and monitoring tools at both the government and enterprise level. An Analyst is required to be flexible and adapt to change quickly. The Analyst will work closely with our Technology Analysts and Architects to service customers.
How you'll make an impact
Analyze, document and report on potential security incidents identified in customer environmentsWork with partners to maintain an understanding of security threats, vulnerabilities, and exploits that could impact systems, networks, and assetsAct as a coordinator for security events that require urgent response, containment and remediationProvide analysis on various security enforcement technologies including, but not limited to SIEM, anti-virus, content filtering/reporting, malware prevention, firewalls, intrusion detection systems, web application firewalls, messaging security platforms, vulnerability scanners etc.Perform knowledge transfers, document and train clients regarding mitigation of identified threatsProvide ongoing recommendations to other MSS peers and customers on tuning and best practicesActively research current threats and attack vectors being exploited in the wildActively work with associate analysts and perform investigationsDevelopment of KB's and SOP'sPerforms other duties as assignedComplies with all policies and standards What we're looking for
2-4 years full-time professional experience in the Information Security field required2-4 years' experience working in a Security Operations Center (SOC), Managed Security Service (MSS), or enterprise network environment required2-4 years' experience working with Incident Ticketing Systems (i.e. ServiceNow, Remedy, Remedy Force, Heat, etc.). preferredAbility to generate comprehensive written reports and recommendationsWrite professional emails, Coaching and training experiencePrevious experience as a point of escalation in a technical environmentCustomer interactions and creation of executive presentationsUnderstanding of contemporary security architectures/devices such as firewalls, routers, switches, load balancers, remote access technologies, anti-malware, SIEM, and AVAbility to troubleshoot technical problems and ask probing questions to find the root cause or a problemQueue managementIDS monitoring/analysis with tools such as Sourcefire and SnortExperience with SIEM platforms preferred (QRadar, LogRhythm, McAfee/Nitro, ArcSight, Splunk) a plusAttack vectors and exploitation, Mitigation, Active DirectoryDirect (E.g. SQL Injection) versus indirect (E.g. cross-site scripting) attacksFamiliarity with SANS top 20 critical security controlsExperience in monitoring at least one commercial AV solution such as (but not limited to) McAfee/Intel, Symantec, Sophos or Trend MicroAbility to identify common false positives and make suggestions on tuningPropagation of malware in enterprise environmentsFamiliarity with web-based exploit kits and the methods employed by web-based exploit kitsFamiliarity with concepts associated with Advanced Persistent Threats and "targeted malware"Experience with malware protection tools such as FireEye a plus.Understanding of malware mitigation controls in an enterprise environment.Network Based Attacks / System Based Attacks, Denial of Service Attacks, HTTP Based DoS Attacks, Network Based DoS Attacks, Brute force attacksCovert channels, egress, and data exfiltration techniquesThe role demands the availability for US working hours 5 PM (IST) to 3 AM (IST)This role is Work from Office role What you can expect from Optiv
A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.Work/life balanceProfessional training resourcesCreative problem-solving and the ability to tackle unique, complex projectsVolunteer Opportunities. "Optiv Chips In" encourages employees to volunteer and engage with their teams and communities.The ability and technology necessary to productively work remotely/from home (where applicable) EEO Statement
Optiv is an equal opportunity employer (EEO). All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, status as an individual with a disability, veteran status, or any other basis protected by federal, state, or local law.
Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv's selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.