Principal Security Analyst (Remote)

Posted 8 days ago United States Salary undisclosed

Job Description

Description

This position is required to perform security event log monitoring and analysis for applications and infrastructure in both DSG and third-party environments and to identify possible threats to network, server, and application security. This position is responsible for monitoring and alerting on cyber security threats specific to DSG systems, networks and data. It is also responsible for monitoring and analysis of external data sources (e.g., computer network defense vendor sites, Computer Emergency Response Teams, SANS, Security Focus and other cyber security intelligence gathering entities) to stay current on the cyber threat condition and determine which security issues may have an impact on the enterprise. The role performs Tier 2 security incident triage, including but not limited to initial determination of scope, urgency, and potential impact of cyber security threats targeting the DSG enterprise. The ideal candidate will be capable of making recommendations that enable expeditious remediation of cyber security threats and will perform real-time security incident handling and tracking tasks (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) to support the Incident Response Team. Additionally, the candidate will provide value-added information to maintain and improve metrics for CSOC operations.

Responsibilities:

- Work as part of a team of Information Security professionals supporting the enterprise.
- Triage and respond to concurrent security incidents.
- Escalate issues to senior staff/management as required.
- Assist IT staff to remediate any vulnerabilities and/or threats to corporate networks.
- Document incident results and report details to the security organization.
- Respond to internal customers', partners' and auditors' requests for information regarding the corporate security event management capabilities.
- Document existing and new processes, and mature existing documentation.
- Execute standard procedures for the administration, backup, disaster recovery, and operation of information security systems.
- Research, analyze and understand log sources, and execute mitigating controls for security and networking devices (such as firewalls, routers, anti-virus products, and operating systems).
- Understand and execute mitigating controls at the application tier, including but not limited to BOT, ATO and Credential Stuffing attacks.
- Assist and participate in security incident management processes.
- Serve as a member of an Incident Response Team (IRT) and respond to emergency calls during non-business hours, as needed.
- Ensure the confidentiality, availability, and integrity of security operations data sources.
- Support the day-to-day operations of security controls within the following areas: whitelisting, WAF monitoring and web filtering, Windows, VMware, compliance monitoring and application reviews.
- Ensure proper metrics, analysis, and reporting for continuous process improvement.

Required skills and experience:

- Experience in the administration of multiple operating systems and deployment options and cloud-based infrastructure, including Pivotal Cloud Foundry, GCP, Azure, as well as containerized applications on Kubernetes. Knowledge of cloud IaaS and container-level monitoring solutions is a plus.
- Experience with Bot Man Premiere or similar BOT mitigation tools.
- Experience in scripting using PowerShell and Python.
- Understanding of the TCP/IP protocol suite, security architecture, and remote access security techniques/products.
- Experience with enterprise anti-virus solutions and virus outbreak management, and the ability to differentiate virus activity from directed attack patterns.
- Strong technical support skills for client systems.
- Thorough understanding of incident response methodologies (SANS/NIST) and of the impact each step can have in responding to attacks.
- Strong verbal/written communication and interpersonal skills to document and communicate findings, escalate critical incidents, and interact with associates.
- Research and analytical background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis.
- Ability to ingest threat intelligence to drive intelligent monitoring and alerting by analyzing attack patterns and predicting future threats.
- Ability to react quickly, decisively, and deliberately in high-stress situations.
- Highly motivated individual with the ability to self-start, prioritize, and multi-task.

Qualifications

Education: Bachelor's Degree or equivalent work experience
Experience: 5 - 7 years
CISSP desired (Certified Information System Security Professional)
CISA desired (Certified Information System Auditor)
GIAC certifications desired