
Security Monitoring Analyst
Tyler Technologies, Orono, ME

Job Description
As a Security Analyst on the Information Security Operations team, you will develop and coordinate response processes and automations for security events detected in the environment. You will act as an escalation point for the Security Monitoring team to assist with event analysis and response decisions while also partnering with other security team functions to improve response times and detection efficacy.
Responsibilities
- Contribute to the development and improvement of Security Monitoring processes and tools by thoroughly understanding the tooling, coverage, and capabilities of existing solutions and identifying opportunities for improvements, automation, and integrations.
- Develop and refine detection rules and signatures to improve the efficiency and effectiveness of threat detection systems. This will involve staying abreast of the latest threat intelligence and attack techniques and effectively integrating those feeds into detection capabilities.
- Analyze security events to verify and assess the initial scope, impact, and root cause of security alerts. This will require in-depth knowledge of network protocols, authentication mechanisms, operating systems, and common attack vectors.
- Identify processes that can be automated and orchestrated to ensure maximum efficiency of operational resources, reducing manual repetitive tasks where possible.
- Identify and work with system owners and development staff to actively reduce false positive detections to improve the accuracy and actionability of tooling detections.
- Provide regular reports to management regarding existing or potential risks to Tyler systems.
Qualifications
- 3+ years of progressively increasing responsibility in the areas of endpoint security, cloud security, or SOC.
- Bachelor's degree in IT, cybersecurity or related area of study, or comparable work experience.
- Prior in-depth experience working with modern endpoint detection & response, SIEM and SOAR, and IDS/IPS solutions required.
- Possess a working knowledge of network infrastructure and communication protocols, including TCP/IP, DNS, and HTTP in an enterprise environment.
- Prior cloud (AWS) experience preferred.
- Experience with multiple environments, operating systems, devices and databases, including Windows Server, Active Directory, VMware, Azure and AWS.
- Strong analytical and problem-solving skills and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- Self-motivated and possessing a high sense of urgency and personal integrity.
- Able to define and refine operational procedures, workflows, and processes to support the team in consistently executing monitoring and detection with quality.
- Strong communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
- Strong understanding of information security standards, concepts, controls, testing techniques and technical risk assessment.
- Strong understanding of RESTful API development, SDLC processes, and security automation desired.
- Will be required to undergo and satisfactorily pass a fingerprint background check in accordance with CJIS requirements.