Job Description
DLP/Security Analyst
The following activities are considered in scope:
- 24x7 security operations centre to monitor security events and provide real-time or near real-time alerts on potential attacks, governed by SLAs and KPIs
- Timely response to security incidents and tracking of these with the respective IT teams
- Increased assurance and sustained compliance with regulatory requirements
- Provide and manage SIEM with logging, event correlation, and alerting
- Monitor and support endpoint security platforms, web filtering gateways, and email security gateways
- Monitor regularly scheduled vulnerability management scans, and report and track findings through remediation
- Provide Data Loss Prevention (DLP) services
- Provide DevSecOps tools, procedures, and training
- Incident response planning, execution, and training
- Threat intelligence, security advisory, and guidance for detection, prevention, or remediation
- Services and recommendations provided will align with NIST 800-53, 800-171, and/or ISO 27001, with a focus towards Cybersecurity Maturity Model Certification (CMMC)
Managed tools
- ITSM or Incident management platform
- Logging and SIEM platform
- Security dashboard accessible by
- Penetration testing tool
- DevSecOps security pipeline tool
Key Responsibilities
- Lead design and implementation of an architecture for collaborative projects and initiatives in conformance with their security standards.
- Review existing systems' logging, alerting, and reporting capabilities
- Recommend/Implement logging, alerting, and reporting capabilities relative to leading practices and industry standards
- Recommend/Implement changes to logging, alerting, and reporting on an ongoing basis
- Install and configure managed SIEM platform in data center for log collection
- Provide access to SOC dashboard showing threat landscape in real-time as well as the ability to obtain prepared and ad-hoc reports
- Execute proactive defense through Indicators of Compromise (IoC) sweeps, host interrogation, and persistent threat hunting
- Prepare Malware Analysis and Threat Hunting Plans and SOPs
- Collect and aggregate logs from in-scope systems
- Add or remove systems as required
- Collect and aggregate data through system polling
- Monitor in-scope systems 24/7/365
- Provide automated alerts and ticket creation for security incidents
- Investigate incidents as they occur and provide real-time response
- Provide day-to-day management of SIEM system, including maintenance activities, updates, access management, etc.
- Prepare and review reports monthly to ensure in-scope systems are monitored and reporting status appropriately
- Monitor anti-virus/anti-malware systems
- Prepare and review reports weekly and ensure systems are up to date with critical security patches
- Prepare and review reports weekly and ensure systems are up to date with security application versions
- Prepare and review reports weekly and ensure systems are up to date with security application signatures
- Provide summary of recommendations related to non-compliant systems to IT management weekly
- Approve/Assign appropriate risk score or criticality
- Direct appropriate resource (e.g. server management team, endpoint management team) on updating non-compliant systems
- Review existing security incident disaster recovery plans on an ongoing basis
- Recommend/Implement security incident disaster recovery plans relative to leading practices and industry standards
- Review existing evidence retention plans and policies on an ongoing basis
- Recommend/Implement evidence retention plans and policies relative to leading practices and industry standards
- Review vulnerability management policies and practices on an ongoing basis
- Recommend/Implement vulnerability management practices and policies relative to leading practices and industry standards
- Run automated or manual penetration tests monthly against in-scope systems
- Run manual penetration tests against in-scope systems and applications annually to test against known vulnerabilities, such as the OWASP Top 10 list
- Provide summary and detailed results of tests
- Provide remediation recommendations
- Approve remediation recommendations
- Direct appropriate resource (e.g. server management team, endpoint management team) on implementing recommendations
- Run manual scans against remediated systems
- Provide documentation related to regulatory compliance, as required
- Participate in regulatory compliance meetings, as required
- Implement automated testing tools and procedures as part of a DevSecOps security pipeline
Good consultative and communication skills, design skills, analytical ability, judgment, and the ability to work effectively with our internal teams, support staff, consultants, and vendors.
Education: Bachelor's / 4-year degree
Relevant Work Experience: 5+ years
Experience and Qualifications
- Security: 5 years (Required)
- Total IT: 8 years (Required)