
Secure Ops Information Security Analyst

The Information Security Analyst is a security professional knowledgeable about information security alerting, threat trends, security event telemetry, intrusion analysis, malware, and anomalous behavior. The Analyst reviews security alerts and correlates telemetry to discern whether the traffic is malicious and actionable, then quickly resolves alerts either by escalating them to an Information Security Analyst Tier 2 or an Information Security Investigator, or by suppressing them as false positives. The Analyst directs his work according to the MSS Operations Playbook, and hunts through large volumes of alerts and telemetry to find security breaches. The Analyst constrains his investigation to a brief review, escalating cases that require more detailed investigation and suppressing the rest. The Analyst works in an assigned shift and is required to be present both physically and via secure messaging such as IRC and Cisco Jabber; constant interaction with the SOC staff is required.
Security Analyst Duties
• Align security alert review and analysis to prescribed Managed Security Services Operations Playbook
• Conduct introductory analysis into security breaches at customer sites using high-fidelity alerts and tools within Customer environment, Cisco, and online.
• Review alerts generated by security detection tools, correlating them with:
o device logs,
o and other forms of available telemetry
• Interpret the above data in the security analysis process
• Maintain up-to-date information in alert handling tools
• Where Customer SLA governs timing, the Analyst must work within the timing bounds to acknowledge and resolve alerts
• Vigilantly protect Customer data confidentiality and integrity, ensuring proper handling and protection electronically, physically, and verbally
• Work the assigned shift and ensure the shift is covered personally.
• Document best practices with the SOC staff using available collaboration tools and workspaces

Job Requirements: 

Desired Technical Skills and Qualifications

• Understanding of industrial protocols, including DNP3, CIP (including Rockwell proprietary extensions), Ethernet/IP, OPC-DA, OPC-AE, OPC-UA, Modbus (including Schneider proprietary extensions)
• Knowledge of RTOS kernels such as QNX, VxWorks, and Windows CE
• Knowledge of standards such as ISA-99/IEC 62443, NIST 800-82, NERC/CIP (for utilities) v5 and beyond, US-CERT, SANS 20 Critical Controls
• Working knowledge of the Windows operating systems
• Working knowledge of Linux / UNIX operating systems
• Experience with Snort or other open source intrusion detection tools
• Working knowledge of Next-Generation Intrusion Prevention Systems
• Detailed understanding of the TCP/IP networking stack
• Working knowledge of NetFlow technology
• Working knowledge of Full-Packet Capture technologies
• Understanding of the typical client-side and server-side attack chain at the Network and Endpoint level
• Understanding of modern malware threats
• Understanding of the common Network Security technologies and products in the Campus, Data Center and Internet Edge.

Desired Experience and Certifications
• BS in a technical field (Computer Science / Computer Security / Cybersecurity / Computer Networking preferred) or equivalent
• 2+ years of professional experience in the IT security industry
o can substitute with own research, formal cybersecurity education and university studies
• SOC operations environment experience
• Sourcefire Certified Professional (SFCP)
• CCNA Security certification
• GCIA or GCIH certification
• Wireshark Certified Network Analyst certification a plus
• CompTIA Linux+ and Security+ certifications a plus

Additional Skills
• Self-discipline to work according to playbook and time requirements
• Passion for cybersecurity and staying up-to-date with current threats, tools and techniques
• Can-do attitude, thinking outside of the box
• Willingness to learn new security technologies, products and incident analysis and response approaches
• Strong collaborative skills and openness to work in a diverse multinational team of security professionals

Company Name: 

Cisco Jobs Africa
