Network Security Analyst 3

Madison, WI
Job Description
The Network Security Analyst role requires a high level of technical expertise in network engineering. The Network Security Analyst will provide subject matter expertise in the design and implementation of network security across the enterprise with technologies such as next-generation firewalls, NAC, IDS/IPS, SIEM and software-defined networks. The analyst is responsible for daily monitoring of network equipment to identify problems, anticipate potential problems, and respond to active problems and issues, and for implementing continuous monitoring of the security posture of all networks in the enterprise. The role provides in-depth incident analysis, evaluates security incidents and performs research, and monitors, analyzes and correlates network traffic utilizing the latest security tools and technology. It requires interaction with a cross-functional team of technology and business professionals, including infrastructure, application development, business partners, and third-party subject matter experts, to ensure that solutions are planned, developed, deployed, and maintained in accordance with security best practices and in compliance with security standards.

The ideal candidate is highly autonomous, possesses strong written and verbal communication skills and strong project management and time management skills, and has a successful track record of designing and delivering simple, scalable solutions. The desire and ability to work in a fast-paced, collaborative environment is essential.

Essential Functions
• Perform hardening of network devices in accordance with hardening guidelines.
• Review network configuration and firewall rules to reduce attack surfaces.
• Create configurations, policies and alerts using SIEM tools.
• Create custom IPS signatures.
• Research threats and vulnerabilities and, where appropriate, take action to mitigate threats and remediate vulnerabilities.
• Review and implement changes on the network according to established change management policy and procedure.
• Perform network traffic analysis utilizing raw packet data, NetFlow, IDS, and custom sensor output as it pertains to the cyber security of communications networks.
• Lead the implementation of the incident handling lifecycle by coordinating with system owners.
• Provide support and analysis during and after a security incident.
• Collate security incident and event data to produce weekly exception and management reports.
• Recommend, schedule and/or apply fixes, security patches and any other measures required in the event of a security breach.
• Participate in security investigations and compliance reviews, as requested by internal or external auditors.
• Report the status of incidents to management.
• Conduct penetration tests on development systems and act as the liaison for third-party security assessments.
• Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats.
• Report unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes.
• Perform installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems.
• Perform system security administration on designated technology platforms, including operating systems, applications and network security devices, in accordance with the defined policies, standards and procedures.
• Administer components of the security architecture such as IDS/IPS and SIEM tools.
• Review threat data from intelligence feeds and develop custom signatures for IDS or other custom detection capabilities.
• Correlate actionable security events from various sources, including Security Information Management System (SIMS) data, and develop unique correlation techniques.
• Develop and maintain documentation for security systems and procedures.
• Maintain network security diagrams.
• Support information security architectural requirements.
• Monitor security vulnerability information from US-CERT, vendors and third parties, and notify management of the impact to the security posture of systems.

Qualifications
• Demonstrated experience supporting enterprise-scale networks.
• Demonstrated experience implementing, supporting, and troubleshooting Cisco network hardware/software, including routers, switches, wireless access points, DMVPN, firewalls, F5 load balancers, network monitoring and remote access.
• Ability to perform packet-level analysis with network protocol analyzer software tools.
• In-depth knowledge of and significant experience with major Internet protocols.
• Deep knowledge of network hardware and packet forwarding architectures.
• This is a professional support position. It requires 7x24 support responsibility.
• Experience dealing with customers during problem resolution and operating efficiently under pressure.
• Technical proficiency with security-related systems and applications such as vulnerability scanners, endpoint security solutions and intrusion prevention devices.
• Experience and proficiency with any of the following: SIEM, anti-virus, HIPS, IDS/IPS, full packet capture, host-based forensics, network forensics.
• Experience in performing network traffic analysis utilizing raw packet data, NetFlow, IDS, and custom sensor output as it pertains to the cyber security of communications networks.
• Experience in developing, documenting and maintaining security procedures.
• Knowledge of network infrastructure, including routers, switches, firewalls, and associated network protocols and concepts.
• Ability to work in a consultative role with users in assessing needs and requirements.
• Ability to work under pressure and tight deadlines.
• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

Additional Essential Functions
• Research, recommend, evaluate and implement information security solutions that identify and/or protect against potential threats, and respond to security violations.
• Participate in information security working groups.

Additional Qualifications
• Deep understanding of the Windows platform and Active Directory roles.
• Significant experience in creating and managing Group Policy and SCCM is required.
• Experience with Office 365, Intune, IRM and Azure desired.
• Experience in implementing STIGs preferred.
• Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management. Experience in a Security Operations Center preferred.
• Experience in scripting languages such as Python/Perl/Bash, and experience with regular expressions and correlation rules.
• Experience in coordination of resources during enterprise incident response efforts, driving incidents to resolution.
• Expertise in Microsoft Windows and Linux platforms.
• Strong knowledge of TCP/IP and Web technologies.