Remote Role - Need Security Analyst

Company: Steneral Consulting
Address: United States
Employment type: FULL_TIME
Category: IT Services and IT Consulting
Expires: 2024-03-09
Posted: 7 months ago
Job Description
  • Please read this message in its entirety, as important details are outlined below. This role has the following after-hours schedule; please make sure that your candidates are aware of it and are willing to adhere to it before submitting their resume.

All shifts are on a set schedule to cover after-hours contracted support. Each shift is 9 hours, with 1 hour given for lunch/meal time. The role is set for a full 40 hours each week with no overtime. If a worker goes over, comp time will be granted upon communication and coordination with the manager.

Example Schedule

4p-1a CST Fri-Tues

12a-9a CST Fri-Tues


Candidate Description


The Tier 2 Security Operations Center (SOC) Analysts have experience using SIEM technologies to support in-depth investigations and threat hunting activities. Experience with Devo, NetWitness, Azure Sentinel or another SIEM technology is required. An understanding of ticket workflow and handling is also required. This position may require off-hours work at times (outside of 40 hours). If off-hours compensation is needed, comp time will be issued in place of overtime pay. The comp time hours will be available to schedule for up to 2 months after the overtime is recorded. After 2 months or at the end of employment, the comp time will expire and be unavailable for use.


Tier 2 Analysts Are Primarily Responsible For

  • Determining the service impact of security events.
  • Primarily supporting after-business-hours operations, including evenings after 5pm, overnights, weekends and holidays.
  • Escalating tickets/activities as needed.
  • Researching and collecting data on events of interest.
  • Engaging the support of Tier 3 Analysts, the Network Operations Center (NOC), Network Engineers and/or the CSIRT (Computer Security Incident Response Team) when necessary.
  • Working tickets via the ticketing system.
  • Creating tickets for the various needs of the SOC.
  • Alerting customers to possible malicious activity.


Responsibilities


Tier 2 Analysts' additional responsibilities:

  • Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
  • Provide support, guidance, and mentorship to other SOC personnel.
  • Contribute as needed to the creation of process documentation and training materials.
  • Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings).
  • Work security tickets within established SLAs and escalate to the customer or Tier 3 as needed, establish false positives, or contact the customer as needed.
  • Document and escalate incidents (including the event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • Assist in developing cybersecurity recommendations for Tier 3 based on significant threats and vulnerabilities or observations of the environments.
  • Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, or misuse activities, and distinguish these incidents and events from benign activities.
  • Receive and analyze security alerts from various sources within the enterprise and determine possible causes of such alerts.


Candidate Requirements


The candidate should have strong communication skills, both written and verbal, and be comfortable communicating with teammates, customer technical personnel, and AT&T Leads and/or Managers.


The Preferred Candidate Is REQUIRED To Have

  • Strong troubleshooting skills
  • Completion of basic safety and security training to meet the customer requirements
  • Understanding of ticket flow
  • CompTIA Security+ certification (equivalent or higher)
  • Ability to pass a CJIS background check process and other background checks to comply with customer contracts
  • Ability to work a set schedule that supports after-normal-business-hours operations, including weekends and holidays
  • Understanding of how to read inbound and outbound traffic
  • Demonstrated experience using enterprise and/or cloud SIEM technologies as an analyst
  • Strong documentation (SOP/Standard Operating Procedure) development skills
  • US citizenship (selected candidates must be US Citizens)
  • Three (3) to five (5) years of Security Incident Response, Security Operations Center, and/or threat analysis experience
  • Ability to support and work across multiple customer and bespoke systems


Candidate Preferred Requirements


A candidate holding one or more of the following industry certifications will have a plus.

  • CompTIA Cybersecurity Analyst (CySA+) or equivalent (Blue Team L1)
  • Splunk Power User Certification, Devo Platform User Certification, or NetWitness Logs and Network Analyst Certification
  • Certified Ethical Hacker (CEH) or equivalent
  • Other certifications such as CompTIA Network+, any cloud or cloud tool certifications, Devo, Splunk, Azure Sentinel, etc.


Qualifying Experience and Attributes


  • Knowledge of TCP/IP: addressing, routing protocols, transport protocols (UDP and TCP), Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
  • Able to use the internet to research events of interest.
  • Familiar with the cyber kill chain.
  • Knowledge of incident response and handling methodologies.
  • Knowledge of the escalation, incident management and change management processes and procedures of a SOC.
  • Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • Working knowledge of cybersecurity and privacy principles.
  • Experience with one or more SIEMs: Devo, RSA NetWitness, Splunk, Azure Sentinel, QRadar, ArcSight, etc.
  • Ability to interpret the information collected by network tools (e.g., nslookup, ping, and traceroute).
  • Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Working knowledge of intrusion response in the form of day-to-day network traffic analysis and threat assessment/impact analysis.
  • Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
  • Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], the Open Systems Interconnection model [OSI], and the Information Technology Infrastructure Library, current version [ITIL]).
  • Familiarity with encryption algorithms, cryptography, and cryptographic key management concepts.
  • Knowledge of host/network access control mechanisms (e.g., access control lists, capability lists).
  • Working knowledge of cyber threats and vulnerabilities.
  • Familiar with MITRE ATT&CK and MITRE D3FEND.
  • Proficient in packet-level analysis using appropriate tools (e.g., Wireshark, Ixia, tcpdump).
  • Familiar with common cybersecurity frameworks, regulations, and compliance standards.
  • Familiarity with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).