Description

Job Details

Position: Sr. Information Security Analyst- Operations & Threat Response
Location: Overland Park, KS
Job Summary:
System One is seeking an Information Security Analyst for a long-term, hybrid-onsite opportunity in Overland Park, KS. The Information Security Analyst will support the Cyber Defense and Operations (CDO) programs including Security Operations Center (SOC), Incident Response (IR), threat monitoring, threat hunting, EDR management, and assist with cybersecurity assessment activities. This individual will be responsible for monitoring, analyzing, and maintaining the security and integrity of networks and applications by ensuring system controls are properly deployed while adhering to security standards and industry best practices. The Information Security Analyst will have knowledge and experience with SIEM, Incident Response, event analysis, threat intelligence, EDR, and security operations.
Responsibilities:

  • Responsible for the day-to-day operation and response to alerts, alert triage, and escalation from SIEM, IDS/IPS, EDR, email & web security, application, and network security devices.
  • Proactively search for signs of malicious activity and potential security incidents.
  • Investigate and resolve security events and incidents.
  • Conduct forensic analysis of security breaches and incidents.
  • Investigate and analyze the root cause of incidents and breaches.
  • Analyze various data sources, such as SIEM logs, network traffic, and endpoint data to identify anomalies and indicators of compromise.
  • Continuously review, test, and improve the Incident Response Plan (IRP).
  • Document and maintain procedures related to Security Operations Center (SOC) and Incident Response & Operations.
  • Monitor, triage, and respond to alerts from information security tools and escalate issues to senior management as needed.
  • Provide oversight and governance of the coverage and quality of the log sources consumed by the SIEM (such as workstations, servers, cloud platforms, EDR, network devices, firewalls, secure mail gateways, and applications).
  • Maintain up-to-date knowledge of emerging threats and vulnerabilities.
  • Generate technical and executive metrics for visibility and continuous improvement for the Security Operations Center (SOC) and Incident Response & Operations Programs.
  • Coordinate and participate in risk assessment efforts and assist with remediation of findings.
  • Identify security risks and exposures; determine the root causes of security incidents and recommend the plan of action to improve the security posture.
  • Monitor trending TTPs to prepare for future breach attempts.
  • Analyze and remediate EDR related incidents and gaps.
  • Support and manage security tools by continuously tuning and optimizing capabilities.

Required Qualifications:

  • Bachelor's degree in information security or equivalent work experience
  • 4+ years of Information Security experience.
  • 3+ years of experience responding to cybersecurity events and incidents.
  • Knowledge of security technologies and tools (e.g., SIEM, IDS/IPS, EDR).
  • Ability to communicate and work effectively with others, harness different skills and experience, and build a strong sense of team spirit, even when escalating critical incidents to IT stakeholders with conflicting schedules.
  • Action and results-oriented with the ability to overcome obstacles and able to work well under deadlines in a changing environment.
  • Strong speaking and writing skills with ability to effectively communicate to both engineers and senior leadership.
  • Strong understanding of current threats and trends in the cybersecurity and OT fields.
  • Highly motivated individual with the ability to self-start, prioritize, multi-task, and has a "can-do" attitude.
  • Knowledge of security and privacy frameworks such as Cyber Kill Chain, MITRE, NIST, ITIL, SANS, NERC CIP, CIS, CMMC, OWASP, etc.
  • One or more certifications: Security+, GCIA, GCIH, CEH, CISSP
Education

Any Graduate