Security Operations Analyst I

Job Description

Overall Purpose

This position assists in detecting, developing, and monitoring internal alerts, as well as performing network/system/application/intrusion detection log analysis and trending. This individual will work within the security operations center reviewing incoming logs from hosts, network systems, intrusion prevention systems, and applications looking for security focused events. The individual will work with the Security Audit and Incident Response teams within Information Security to support their needs for data analysis. Work with the Security Engineering team to create scripts to collect security event information.

Essential Functions

Support the user access and identity access management initiatives
Track issues raised by vulnerability scans to root cause and ensures issue resolution or mitigation
Coordinate escalations to internal support teams to ensure timely delivery of incident resolutions
Perform network/system/application/log intrusion detection analysis and trending
Work with log correlation tools
Build log analysis dashboards as requested by peers within Information Security
Assist the security incident handling efforts in response to a detected incident, and coordinate with other stakeholders
Develop and maintain standard operating procedures, processes and guidelines to be used within the Security Operations Center (SOC)
Automate security analysis, administration and remediation procedures, workflows and tasks
Maintain awareness of trends in security regulatory, technology, and operational requirements
Assist with external audits (SAS 70, AUP, PCI, FISMA) in gathering supporting technical evidence to show compliance.
Support the expansion and growth of the SOC: integrating new services and clients
Comply with all security policies and procedures, to ensure that the highest level of system and data confidentiality, integrity and availability is maintained

Skills & Responsibilities

Required Experience

Minimum Qualifications

Education and experience typically obtained through completion of a Bachelor’s degree in Science or Technology
Experience with or working knowledge of IDS/IPS tools
Working knowledge of Windows and Linux operating systems
Ability to work independently and within a team environment
Effective interpersonal skills, with ability to present information to peers and coworkers
Approved background and drug screen is required

Preferred Qualifications

Experience with or working knowledge of SEIM and/or log correlation tools
Experience with scripting languages (shell, bat, Perl, etc)
Exposure to PCI, ISO, Bits, or Cobit audit and compliance
Additional related education and/or experience preferred

Physical Requirements

Working conditions consist of a normal office environment. Work is primarily sedentary and requires extensive use of a computer and involves sitting for periods of approximately four hours. Work may require occasional standing, walking, kneeling, and reaching. Must be able to lift10 pounds occasionally and/or negligible amount of force frequently. Requires visual acuity and dexterity to view, prepare, and manipulate documents and office equipment including personal computers. Requires the ability to communicate with internal and/or external customers.

Employee must be able to perform essential functions and physical requirements of position with or without reasonable accommodation.

Candidates responding to this posting must independently possess the eligibility to work in the United States at the date of hire

The above job description is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow instructions and perform other related duties as assigned by their supervisor.

Early Warning is an equal opportunity/affirmative action employer committed to cultural diversity in the workforce.