Cyber Security Analyst
Ref No.: 18-21140
Location: Augusta, Georgia
Position Description
Location: Augusta, GA
Duration: 3 months, C2H for high performers.
Travel: Not to be expected; 0-10% (cost covered by Client if it does occur)
Interview Process: 1st phone, 2nd in-person; likely a decision to be made at this point, but a final 3rd interview (in-person) is a possibility
Schedule: 24x7 Security Operations Center – The first month will be day shift for training. After that, the schedules will be split into 1st, 2nd, and 3rd shifts

Top Skills the Manager Is Looking For:
· SIEM knowledge (preferably LogRhythm, but not required)
· Identity and Access Management knowledge (preferably Okta, but not required)
· Advanced Endpoint Protection knowledge (preferably Cylance or Carbon Black)
· Firewall/Networking knowledge (Palo Alto, Cisco, Checkpoint and/or Fortinet)
Overview: To provide high quality security device management and support services to Managed Security Service customers. This can include (but is not limited to) Firewall, IDS/IPS, VPN Concentrator, VM/Scanning Systems and SIEM in either a leveraged or dedicated delivery team model.

Key Job Responsibilities
• Working incidents based on standard service measures.
• Providing technical support to customers across the managed service portfolio.
• Responding to device alerts through an in-house proactive alerting system.
• Supporting customers on-site and/or remotely via phone and email.
• Liaising with vendors to support customer devices and environments.
• Attending technical training to retain skill levels across the portfolio.

Qualifications
• Technical certification in at least 1 security or network product set

Required Skills
• 2 years related experience
• An understanding of networking technologies
• Experience in a Support environment
• Experience of working within a team environment
• Excellent customer service skills
• Proactive attitude to troubleshooting support issues
• Evidence of troubleshooting skills
• Experience working with packet captures/tcpdump
• Knowledge of the different security platforms available, with experience of configuring/managing at least one of the following:
- Checkpoint firewall
- Juniper Netscreen/SRX firewall
- CISCO PIX/ASA firewall
- Bluecoat Proxy
- F5 load balancer

Beneficial Skills
• Knowledge of Checkpoint, F5, Bluecoat, McAfee and Juniper products
• Familiarity with SIEM, IPS/IDS and VPN Technologies and Authentication Software
• Familiarity with Microsoft and Citrix servers.
• Familiarity with ITSM/ ticketing systems.
Job Responsibilities:

The primary function of this role is to participate as a mid-level member of a 24x7 Security Operations Center (SOC) team, delivering the required actions as described within agreed guidelines and following standard procedures to maintain, manage and report on the security event management and infrastructure events of our clients.

* Applying knowledge of a client's security policies and procedures to detect, analyze and prevent both internal and external security breaches using SIEM and other security event monitoring tools
* Researching and documenting appropriate information to support escalations of complex security issues to Senior Analysts or appropriate engineers
* Actively monitoring the SIEM/security monitoring tools in order to identify anomalies and other events not automatically detected
* Developing basic SIEM/security monitoring tool event filters
* Leading or assisting rule development activities needed to increase detection efficiency and help in the prevention of malicious attacks
* Providing vulnerability assessment analysis to clients/accounts based on scanning technology output

* Experience in networking, operational security management and telecommunications;
* At least 4 years' experience in a security analyst/administrator role in a complex environment;
* Extensive knowledge of security products and network topology;
* Extensive knowledge of TCP/IP and other protocols;
* In-depth knowledge of current Internet security attacks and prevention.
* Experience in security analysis tools such as ArcSight, LogRhythm, QRadar, etc.;
* Strong knowledge of leading enterprise commercial firewall technologies (certifications preferred);
* Strong knowledge of structured intrusion detection, tracking and analysis using industry leading commercial technologies (certification preferred);
* Specific knowledge of Windows security issues;
* Specific knowledge of Unix security issues;
* Excellent English communication skills, both verbal and written. Other language skills are an advantage;

Preferable Certification: CPT, CEPT, ECSA, GCIH (SANS), GCIA (SANS)