Associate, Cybersecurity, Managed Detection and Response Analyst
Company: Ankura
Location: Aurora
Posted on: June 25, 2022
Job Description:
Ankura is a team of excellence founded on innovation and
growth.
Practice Overview:
Ankura's Cybersecurity and Privacy Practice is a full-service suite
of solutions to respond to clients' cybersecurity and privacy
needs, regardless of industry or size. Our team includes former Big
4 consultants, intelligence community and law enforcement
personnel, federal regulators, private security firms, and
technology companies. We are equipped and prepared to provide
services across a range of areas that include: Proactive
Preparedness, Incident Response, Investigations, Cyber Resilience,
Data Privacy, Managed Advisory Services and Managed Data Protection
Services.
Managed Data Protection Services is part of the Global Cyber
Security and Privacy vertical. This position is remote but
administratively based in Washington, D.C.
Role Overview
This position will be responsible for providing expert network
security analysis for Ankura's portfolio of Managed Detection and
Response (MDR) clients in a 24x7 operational environment. This
analyst position will be assigned to the Security Operations Center
(SOC) team in the US, where analysts actively review alerts and
reported behaviors from a variety of security platforms. Analysts
conduct deeper investigation of events and other data elements
for possible threats. Analysts work directly with clients in an
incident response lead or support role. Analysts make
determinations of threat potential from network and host events,
building an understanding of risk and helping Ankura and its
clients understand those risks as well as mitigation strategies.
The candidate will have experience managing workflow and
coordinating efforts. Further, the candidate must possess strong
interpersonal skills and be able to work with cross-functional team
members.
Responsibilities:
* Monitor network traffic, Security Information and Event Management
(SIEM) and Software-as-a-Service (SaaS) security monitoring
platforms to correlate events, detect anomalous activity and
respond
* Leverage events to determine the impact, document possible causes
and provide useful information to clients
* Develop enhanced threat awareness and knowledge through research
and continuous improvement of use cases, signatures, and
metrics
* Work with clients and incident response teams to investigate and
resolve security issues
* Prepare daily reports for clients
* Serve as a direct client interface with a range of client
stakeholders
* Employ deductive reasoning and analysis to make informed
decisions and conclusions
* Maintain standard operating procedures
* Maintain communications and visibility with team members, senior
analysts, management and clients.
Technical Skills Utilized in the Role:
* Deep understanding of various commercial and open-source network
sensors, intrusion detection systems and event log correlation
engines
* Elasticsearch, Logstash, Kibana (ELK)
* Traditional SIEM such as ArcSight ESM, Splunk
* Emerging SIEM such as SNYPR, Exabeam, Empow
* Snort / Suricata / Zeek / Wireshark
* Nextgen Anti-Virus (NGAV) and Endpoint Detection and Response
(EDR) tools such as VMware Carbon Black, CrowdStrike, Cylance,
SentinelOne, Cybereason
* Security platforms such as Proofpoint, BlueCoat
* Open-source frameworks such as Security Onion
* Lucene, Python, and/or other similar programming/query/scripting
languages
Qualifications:
* Bachelor's Degree in a related Cybersecurity/IT/Computer Science
field or equivalent relevant experience
* 1 - 5 year(s) of cybersecurity experience
* Demonstrated knowledge of network traffic security monitoring and
analysis tools, SIEM tools and Security Operations Center (SOC)
operations
* Demonstrated experience and proficiency in the implementation and
use of endpoint security monitoring solutions including but
not limited to Anti-Virus (AV), Nextgen Anti-Virus (NGAV), Endpoint
Detection and Response (EDR), Extended Detection and Response
(XDR), and firewall tools
Relevant Certifications:
* Network +
* Security +
* GIAC Certified Incident Handler (GCIH)
* GIAC Certified Forensic Examiner (GCFE)
* GIAC Network Forensic Analyst (GNFA)
* GIAC Certified Intrusion Analyst (GCIA)
* Ankura is proud to be an equal opportunity employer committed to
fostering a diverse and inclusive environment where mutual respect
and collaboration are paramount. All qualified applicants will
receive consideration for employment without regard to age, race,
color, religion, sex, sexual orientation, gender identity and
expression, disability, protected veteran status, national origin,
or any other legally protected status.