Security Monitoring Analyst

at Santander CIB

Investment Banking

Mid Level | No visa sponsorship | Cybersecurity

Posted 17 hours ago

Compensation
Not specified

Currency: Not specified

City
Mexico City
Country
Mexico

The Security Monitoring Analyst will join Santander's Cyber Fusion Center to monitor, triage and investigate security events across Windows, Unix, network devices and endpoints. The role focuses on reviewing SIEM and security tool outputs (Splunk, IDS/IPS, DLP) to distinguish benign activity from threats, design correlation searches, reduce false positives and escalate incidents. The analyst will prepare security reports, conduct threat research, collaborate on incident remediation, and provide coaching; fluency in English and Spanish is required.

Security Monitoring Analyst

Country: Mexico

The Security Monitoring Analyst would join the Cyber Fusion Center (CFC) and work to monitor for indicators of attack and improve our processes and procedures. A successful candidate for this role will have experience reviewing security events from multiple systems (Windows, Unix, routers, switches and endpoints) and be able to understand which events are benign and which may be malicious based on data classification, behavior and context. While this role focuses heavily on review and triage of events, a successful candidate will also know how to design and implement correlation searches to respond to changes in the environment and reduce false positives.

Experience:

  • 5-7 years of cyber security monitoring experience
  • Skilled with Splunk searches and queries
  • Strong adversarial mindset (think like an attacker)
  • Coaching and mentorship skills
  • Monitor and detect security events from SIEM, log collection engines and other security technologies, such as Splunk and McAfee DLP
  • Perform investigations using security platforms (e.g. IDS/IPS, DLP) to determine false positives or escalate
  • Monitor health alerts and downstream dependencies
  • Review false positives proactively and work with other teams to improve the accuracy of alerts
  • Document, investigate and notify the appropriate contact for security events and response
  • Collaborate with technical teams on security incident remediation and communication
  • Conduct security research on threats and remediation methods
  • Prepare system security reports by collecting, analyzing, and summarizing data and trends; present reporting for management review
  • Fluent in English and Spanish
