Senior Insider Threat Security Analyst

ROLE DESCRIPTION SUMMARY

SES'sSenior Insider Threat Security Analystfocuses on advancing SES's Information Security threat and compliance program by security monitoring, threat & vulnerability management, and delivering professional reports including findings and recommendations. TheSenior Insider Threat Security Analystis expected to be fully aware of the enterprise's security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals.

PRIMARY RESPONSIBILITIES / KEY RESULT AREAS

• Lead incident response in response to Insider security events and incidents.
• Correlation and trend analysis of security logs, network traffic, security alerts, events, and incidents. Perform in-depth root cause analysis and diligently gather information prior to escalation for future root cause analysis. Event and incident handling consistently with applicable plans and processes.
• Analyzing, triaging, aggregating, escalating, and reporting on Insider security events including investigation of anomalous network activity, and responds to cyber incidents within the network environment.
• Continuous & persistent monitoring of security technologies/tool data and network traffic which result in security alerts generated, parsed, triggered, or observed on in-scope networks, systems, or security technologies.
• Rapidly assess network traffic, detect data anomalies, and provide detailed reporting on the same.
• Correlation and trend analysis of security logs, network traffic, security alerts, events, and incidents. Perform in-depth root cause analysis and diligently gather information prior to escalation for future root cause analysis.
• Insider threat event and incident handling consistent with applicable plans and processes. Integration of activities with standard reports, such as Insider security metrics reports.
• Lead team/project meetings and technical meetings appropriate for the content.
• Ensure tasks and projects are completed on schedule.

COMPETENCIES

• Strong organizational skills and ability to stay focused while managing multiple tasks concurrently.
• Understanding of current attack tools, tactics, procedures, and how to detect and/or mitigate them.
• Strong critical thinking/analytical skills, creativity, and a proven drive for quality

QUALIFICATIONS & EXPERIENCE

1. Must Have

• Four-year college degree in the technical field of study or equivalent work experience
• Technical knowledge and aptitude in the areas of networks, network topologies, remote network access, servers, applicable software and troubleshooting techniques required.
• Experience working in a SOC or similar environment.
• Experience with reviewing IDS/IPS, EDR, Firewall and other security/audit logs
• Experience monitoring and analyzing Security Information and Event Management (SIEM) to identify security issues for remediation, and rules fine tuning.
• Consolidate and conduct comprehensive analysis of Insider threat data obtained from security tools and make recommendations for optimizing various tools.

1. Nice to Have

• Participates in the planning, design, and implementation of enterprise security architecture.
• Experience with Insider threat management tools and experience working on an Insider threat management team.
• One or more of the following security certifications: Security+, CEH, CYSA+, GCIA,GSEC, GCIA, GMON and GCDA