The System Security Analyst position requires strong technical expertise in securing the Windows platform. The role is responsible for a broad range of tasks, including the day-to-day administration of information security tools and devices, support for security information and event management (SIEM), and significant responsibilities for the security administration of a wide variety of IT systems. The analyst implements continuous monitoring of the security posture of all systems in the enterprise; provides in-depth incident analysis, evaluates security incidents and performs research; and monitors, analyzes and correlates network traffic using current security tools and technology. The analyst reviews threat data from various sources and coordinates with leadership to provide reporting and situational awareness, interacting closely with personnel from the application development, operations and network teams and with system owners. The position also administers and helps support various information security management programs and initiatives related to computer security, policy and procedures, awareness training, audit coordination, legal matters, legislation and regulatory compliance.
• Harden Windows Server OS using group policy
• Maintain the Windows Server template and ensure implementation of technical security controls.
• Administer Active Directory
• Create configuration/policies/alerts using SIEM tools.
• Correlate actionable security events from various sources, including security information management (SIM) data, and develop unique correlation techniques.
• Develop and maintain documentation for security systems and procedures.
• Lead the implementation of incident handling lifecycle by coordinating with system owners.
• Provide support and analysis during and after a security incident.
• Collate security incident and event data to produce weekly exception and management reports.
• Recommend, schedule and/or apply fixes, security patches and any other measures required in the event of a security breach.
• Participate in security investigations and compliance reviews, as requested by internal or external auditors.
• Report status of incidents to management.
• Conduct penetration tests on development systems and act as the liaison for third party security assessments.
• Research threats and vulnerabilities and, where appropriate, take action to mitigate threats and remediate vulnerabilities.
• Apply an understanding of attack signatures and of the tactics, techniques and procedures (TTPs) associated with advanced threats.
• Report unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes.
• Perform installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems.
• Perform system security administration on designated technology platforms, including operating systems, applications and network security devices, in accordance with the defined policies, standards and procedures.
• Administer components of the security architecture such as IDS/IPS and SIEM tools.
• Review threat data from threat intelligence feeds and develop custom signatures for IDS or other custom detection capabilities.
• Research, recommend, evaluate and implement information security solutions that identify and/or protect against potential threats, and respond to security violations.
• Maintain network security diagrams.
• Support information security architectural requirements.
• Monitor security vulnerability information from US-CERT, vendors and third parties, and notify management of the impact to the security posture of affected systems.
• Participate in information security working groups.
• Deep understanding of the Windows platform and Active Directory roles
• Significant experience in creating and managing Group Policy and SCCM is required
• Experience with Office 365, Intune, IRM and Azure desired
• Experience in implementing STIGs preferred
• Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management. Experience in Security Operations Center preferred.
• Technical proficiency with security-related systems and applications such as vulnerability scanners, endpoint security solutions and intrusion prevention devices.
• Experience and proficiency with any of the following: SIEM, antivirus, HIPS, IDS/IPS, full packet capture, host-based forensics, network forensics.
• Experience performing network traffic analysis using raw packet data, NetFlow, IDS alerts and custom sensor output as it pertains to the cyber security of communications networks.
• Experience with scripting languages such as Python, Perl or Bash, and with regular expressions and correlation rules.
• Experience in coordination of resources during enterprise incident response efforts, driving incidents to resolution.
• Expertise in Microsoft Windows and Linux platforms.
• Experience in developing, documenting and maintaining security procedures.
• Knowledge of network infrastructure, including routers, switches, firewalls, and associated network protocols and concepts.
• Strong knowledge of TCP/IP and Web technologies.
• Ability to work in a consultative role with users in assessing needs and requirements.
• Ability to work under pressure and tight deadlines.
• High level of personal integrity, the ability to handle confidential matters professionally, and an appropriate level of judgment and maturity.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.