Description
Ampsight is seeking a Security Analyst who will be responsible for onboarding and organizing new security platforms so that the Security Operations Center can stay ahead of current and emerging threats. The Security Analyst will apply data analytics, threat intelligence, and their own experience to leverage new and existing technologies and build the use cases that drive security analytics and incident response. You will get hands-on with new and exciting technologies to help drive the direction of the organization's security capabilities.
Preferred Qualifications & Certifications
- Graduate: BE/BTech or equivalent
- Network+, Security+, and CEH/GCIH
- SIEM technology certified (one or more): ArcSight, QRadar, Splunk, etc.
- Splunk Core Certified Advanced Power User is an added advantage
- CHFI certification is an added advantage
Responsibilities
- Developing and maintaining security monitoring and response processes
- Detailed incident analysis and solution mapping against the knowledge base
- Ensuring quality call handling and call escalation by adhering to SLAs
- Responsible for SOC tool monitoring, maintenance, and license management
- Use case design and development, report analysis, and further enhancement
- Proactively reviewing and operationalizing threat intelligence in order to create alerts to detect techniques, tactics, and procedures employed by threat actors
- Responsible for incident management and change management process handling
- Maintaining current knowledge and understanding of threat landscape and emerging security threats
- Sharing knowledge and providing training to Level-1
- Integration of new devices and creation of the corresponding use cases
- Use threat intelligence to identify infected/affected systems and the scope of an attack
- Responsible for advanced threat hunting and forensics
- Tracking, reporting, and controlling incident communications with other teams
Requirements
- Bachelor's degree in Computer Science or related technical field
- US citizenship required
- An active TS/SCI with Full Scope Poly security clearance
- Willing to go onsite as needed
- Splunk Core Certified Consultant Certification
- An understanding of SOC and Incident Response practices and methodologies
- Expertise using one or more SIEM products: Splunk, ArcSight, QRadar, etc.
- Expertise in troubleshooting technical issues in the Splunk SIEM solution
- Technical knowledge of networking protocols and Internet Security
- Experience with endpoint security analysis on Windows, Mac, and Linux event data and related tools
- Understanding of security technologies including UEBA, SIEM, IDS/IPS, firewalls, endpoint security, content filtering, and packet inspection
- Understanding of Cloud computing and security issues related to Cloud environments
- Analytical skills and ability to identify advanced threats
- Good knowledge and experience with threat hunting and forensic analysis
- Root cause analysis and problem-solving experience
- Good knowledge of Windows and Linux
- Strong written communication and presentation skills
Benefits
- Stock options (our success is your success)
- Discretionary performance-based bonus(es)
- 10 paid holidays and 1 floating holiday per year
- 20 days PTO per year
- 401k plan with 4% match (assuming 5% employee contribution)
- Health care, dental, and vision with company contribution
- Short and long-term disability
- Life insurance
- Hybrid work model
Listing Details
- Salary: $150,000 - $200,000
- Citizenship: Top Secret
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Hybrid Telecommute