This is an on-site position in Salisbury, MD. It is NOT a remote position. It comes with a comprehensive relocation package.
Responsibilities: Client is looking for an Information Security Analyst to support and enhance the company’s technical capabilities for detection, identification, and response to information security incidents, and for the monitoring of security systems such as SIEM, EDR/NDR, IDS/IPS, firewalls, etc. As part of the cyber security incident response team, you will help support activities for investigations, tabletop exercises, e-discovery, and forensics collection. You will assist with coordinating vulnerability scans, web application assessments, and penetration testing performed by partners and external service providers. Specifically:
- Support daily operations of information security systems and processes to ensure information security policies are enforced and supported
- Develop, enhance, and maintain security tools to support capabilities for network and host-based security detection and event analysis.
- Monitor system logs and network traffic for unusual or suspicious activity.
- Engage with external security operations centers (SOC) for investigations, recommendations, and resolution.
- Support maintenance of incident response playbooks and tabletop exercises.
- Research threats and vulnerabilities to provide recommendations and/or implementation of mitigating controls.
- Coordinate web application assessments and penetration testing with partners and service providers.
- Work with IT and legal counsel in support of forensics and e-discovery requests.
- Perform incident response and investigations as part of the computer security incident response team (CSIRT) and participate in on-call rotation.
Requirements: A bachelor’s degree in Information Systems, Cybersecurity, Computer Science, or a related discipline is preferred; however, equivalent years of experience may be considered in lieu of the educational requirement. Additionally:
- At least one industry certification such as CISSP, GSEC, GCIH, CEH, or Security+ is strongly preferred.
- Minimum 3 years’ experience in Information Security.
- Experience analyzing logs and telemetry from security and networking sources, including packet captures, firewall logs, web proxy logs, endpoint detection and response (EDR) telemetry, and operating system logs.
- Experience with common security tooling such as HIDS/NIDS, SIEM, antivirus, packet capture tools, and host-based analysis technologies.
- Experience managing or supporting endpoint detection and response (EDR), intrusion prevention solutions, email protection, and web gateway filtering.
- Proficient knowledge of network and security protocols.
- Knowledgeable of computer forensic analysis, data recovery, and eDiscovery.
- Knowledgeable in security frameworks and standards such as MITRE ATT&CK, NIST CSF, and CIS.
- Strong analytical and problem-solving skills to enable effective security incident and problem resolution
- Proven ability to work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously