This job posting is archived and is no longer available.

Cyber Security Analyst-Incident Detection & Response Architect

Posted by Synectics

Skills sought: Support, Linux, Jira, Perl

Project description

JOB DESCRIPTION:
Responsible for planning, designing, and implementing a process for cyber security monitoring, incident detection, and incident response.

RESPONSIBILITIES:

- Responsible for the maintenance, operations, development, engineering and implementation of CyberSOC security tools and capabilities.
- Support and maintain Splunk indexers, search heads, deployment server and infrastructure in high availability configuration.
- Configure, deploy, manage, and tune Splunk forwarders across a variety of Windows and Linux platforms.
- Create and maintain Splunk dashboards and reports using the Splunk Enterprise Security application.
- Identify and implement new tools and capabilities including Splunk features, use cases, community projects and other applications that may be applicable to the enterprise.
- Provide support and administration for the enterprise anti-virus (AV)/end-point protection platform.
- Mentor and train users on Splunk, AV, IDS and other analysis tools.
- Create and maintain documentation to support the suite of security tools.
- Lead implementation efforts for automation of processes and procedures.
- Provide support and administration of other security tools such as IDS, open source tools, etc.

SKILLS:

EDUCATION/EXPERIENCE:

- Bachelor's degree in Cyber/Information Security or related discipline.
- Minimum 3 years working with Splunk in a 24x7 environment.
- Experience configuring and customizing the Splunk Enterprise Security app.
- Working knowledge of log management, security event, and application monitoring practices.
- Good understanding of Linux and Windows operating systems and internals.
- Proficient in Perl, Python or Shell Scripting.
- In-depth understanding of network architecture fundamentals including TCP/IP, DNS, firewalls, routing, and troubleshooting.
- In-depth understanding of IT system management practices and processes including troubleshooting, optimization, system hardening and change management.
- Experience managing security tools in enterprise environments (Symantec Endpoint Protection, Snort, Bro, FireEye, Ironport, Jira, etc.).
- Experience with application whitelisting, device controls, egress filtering, data analytics, threat intelligence, or vulnerability management is a plus.

Project details

  • Contract type:

    Contract

  • Professional experience:

    Not specified

Required qualifications

Synectics