The Information Security Analyst will manage the end-to-end operational deployment, verification, incident handling and support of our Customers’ remote managed EventTracker SIEM solution. This is a technical operational role focused on delivering quality service to our customers.
- Provide operational and technical support to our Customers. (Note: candidates will receive training on all EventTracker tool sets.)
- Serve as shift leader and point of escalation for level 1 analysts.
- Oversee completion of day-to-day checklist(s), including log review, management report scheduling and running, alert analysis, and escalation follow-up activity status.
- Manage security incident investigation and diagnosis (perform triage on incidents reported by the EventTracker SIEM tool to filter out false positives and known, accepted activity).
- Validate incident containment and remediation recommendations provided to Customers.
- Ensure all unresolvable cases are passed to the correct team for action as appropriate
- Ensure high level of quality when managing tickets, requests and Customer queries
- Execute Customer on-boarding
- Capture requirements and prepare Customer EventTracker SIEM filter & tuning requests
- Prepare reports & distribute in readiness for Customer tuning calls
- Arrange & manage client calls (record outputs/actions appropriately)
- Create scheduled Customer reporting, from existing reports, where appropriate
- Maintain technical knowledge, tool proficiency, and system accesses, which allow you to perform the role
- Ensure documentation is maintained appropriately on SharePoint and that new documents are created and stored correctly.
- Engage with Customers to build and maintain good, professional relationships
- Manage operational relationships with all relevant parties
- Responsible for the application of IT Security Policy, processes & procedures to mitigate risks to our Customers
- May be required to provide on-call emergency support when needed by the business.
- Bachelor’s degree in information systems, or two years’ equivalent work experience in Network Security Systems & Operations.
- Qualified to degree level, or equivalent professional experience and/or with recognized technical/security qualifications.
- Relevant experience and understanding of Network Security Systems & Operations
- Understanding of system logging including both Security and non-security logs
- General knowledge of Linux/Unix and Microsoft Security Logging Policies
- General knowledge of network application logs, especially those of proxies, web application firewalls, and stateful firewalls.
- General knowledge of Syslog, SNMP, WMI and the benefits and limitations of each
- Knowledge of Security management, network and information security, and end user security.
- User level experience with UNIX/Linux systems
- Experience supporting one or more services within a Security Operations Center is a plus
- Excellent verbal and written communication skills, with the ability to work effectively in a group setting and to communicate consistently and appropriately with Customers, management, and the team.
- Ability to partner with teams such as developers, vendors, analysts, and project managers.
Please submit your resume and a cover letter indicating the position for which you are applying to: firstname.lastname@example.org. We will contact you if your qualifications meet with our criteria.