Associate, Cybersecurity, Managed Detection and Response Analyst

Company: Ankura
Location: Aurora
Posted on: June 25, 2022

Job Description:

Ankura is a team of excellence founded on innovation and growth.

Practice Overview:

Ankura's Cybersecurity and Privacy Practice is a full-service suite of solutions to respond to clients' cybersecurity and privacy needs, regardless of industry or size. Our team includes former Big 4 consultants, intelligence community and law enforcement personnel, federal regulators, private security firms, and technology companies. We are equipped and prepared to provide services across a range of areas that include: Proactive Preparedness, Incident Response, Investigations, Cyber Resilience, Data Privacy, Managed Advisory Services and Managed Data Protection Services.

The Managed Data Protection Services is part of the Global Cyber Security and Privacy vertical. This position- is remote but administratively based in Washington, D.C.

Role Overview

This position will be responsible for providing expert network security analysis for Ankura's portfolio of Managed Detection and Response (MDR) clients in a 24x7 operational environment. This analyst position will be assigned to the Security Operations Center (SOC) team in the US where analysts actively review alerts and reported behaviors from a variety of security performs. Analysts conduct the deeper investigation of events and other data elements for possible threats. Analysts work directly with clients in an incident response lead or support role. Analysts make determinations of threat potential from network and host events, building an understanding of risk and helping Ankura, and its clients understand those risks as well as mitigation strategies. The candidate will have experience managing workflow and coordinating efforts. Further, the candidate must possess strong interpersonal skills and can work with cross functional team members.

Responsibilities:

* Monitor Network Traffic, Security Information Event Management (SIEM) and Software-as -a-Service (Saas) security monitoring platforms to correlate events, detect anomalous activity and response


* Leverage events to determine the impact, document possible causes and provide useful information to clients


* Develop enhanced threat awareness and knowledge through research and continuous improvement of use cases, signatures, and metrics


* Work with clients and incident response teams to investigate and resolve security issues


* Prepare daily reports for clients


* Serve as a direct client interface with a range of client stakeholders


* Employ deductive reasoning and analysis to make informed decisions and conclusions


* Maintain standard operating procedures


* Maintain communications and visibility with team members, senior analysts, management and clients.



Technical Skills Utilized in the Role:

* Deep understanding of various commercial and open-source network sensors, intrusion detection systems and event log correlation engines


* Elastic, Logstash, Kibana


* Traditional SIEM ArcSight ESM, Splunk


* Emerging SIEM such as SNYPR, Exabeam, Empow


* Snort / Surricata / Zeek / Wireshark


* Nextgen Anti-Virus (NGAV) and Endpoint Detection and Response (EDR) tools such as VMware Carbon Black, CrowdStrike, Cylance, SentinelOne, Cybereason


* Security platforms such as Proofpoint, BlueCoat


* Open-source frameworks such as Security Onion


* Lucene, Python, and/or other similar programming/query/scripting languages



Qualifications:

* Bachelor's Degree in a related Cybersecurity/IT/Computer Science field or equivalent relevant experience


* 1 - 5 year(s) of cybersecurity experience


* Demonstrated knowledge of network traffic security monitoring and analysis tools, SIEM tools and Security Operations Center (SOC) operations


* Emerging SIEM such as SNYPR, Exabeam, Empow


* Demonstrated experience and proficiency in the implementation and utilization of endpoint security monitoring solutions including but limited to Anti-Virus (AV), Nextgen Anti-Virus (NGAV), Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), and firewall tools



Relevant Certifications:

* Network +


* Security +


* GIAC Certified Incident Handler (GCIH)


* GIAC Certified Forensic Examiner (GCFE)


* GIAC Network Forensic Analyst (GNFA)


* GIAC Certified Intrusion Analyst (GCIA)



#LI-Remote

#LI-NA1

* Ankura is proud to be an equal opportunity employer committed to fostering a diverse and inclusive environment where mutual respect and collaboration is paramount. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity and expression, disability, protected veteran status, national origin, or any other legally protected status.

Keywords: Ankura, Cincinnati , Associate, Cybersecurity, Managed Detection and Response Analyst, Professions , Aurora, Ohio