Description
We are looking for a Information Security Analyst for a 6months + contract position in Alpharetta, GA.
Skills:
- Expert-level understanding and knowledge of the principles of log management and preferably the RSA enVision toolset.
- Experience planning, scaling, implementing, monitoring, and troubleshooting an SIEM environment.
- Expert-level knowledge of the OSI model.
- Knowledge of core security principles and tool management that is product agnostic
- Clear understanding of Windows AD logs and events.
- Excellent problem-solving and technical skills dealing with technical users
- Must possess the ability to provide best practices subject matter expertise regarding log management system integration, alerting and reporting.
- High analytical skills: must be able to perform analysis and tuning of all incoming security events for threat detection, and increase the efficiency of processing, maximize true threat identification, and ensure accurate reports for auditing. Has the ability to draw meaningful conclusions from reported events, and implement appropriate reporting.
- Required to understand the business and technical requirements, architecture and design specifications and developing the associated content and documentation.
- Detail-oriented, self-motivated and disciplined, with excellent time management skills
- 5+ years of Information Technology experience
- 4+ years of Information Security experience
- 3+ years administrative experience deploying, configuring, troubleshooting, and maintaining SIEM components
- 3+ years engineering experience creating correlation, dashboard, and reporting content using SIEM
- Advanced knowledge of content creation concepts and best practices
- Advanced networking experience
- Excellent problem-solving and technical skills
- Experience with any combination of the following: Visio, Syslog, Syslog-NG, TCP/IP, Networking, Linux/Unix, Windows, OSX, Active Directory, Event Analysis, NIST standards and guidelines, Database Activity Monitoring, Oracle, SAN architecture, Firewalls, IPS/IDS, A/V, advanced networking, McAfee security products, MS SQL Server
- Multi-level Security Operations Center (SOC) experience a plus
- Preferably a CISSP, SANS GCIA or equivalent certificate holder.
Responsibilities:
- Administer, operate, and maintain SIEM environment, including installation, configuration, tuning, and maintenance of SIEM components, such as: event collectors, loggers, correlation engine, and databases.
- Upgrade and patch the SIEM and other security platforms to the latest versions.
- Install additional enVision appliances.
- Assist with the creation of detailed deployments plans, architectural drawings, and operation manuals.
- Develop processes and documentation to magnify the benefits of existing SecOps tools and skillsets across the enterprise.
- Perform security gap analysis in support of new products as well as the tuning of existing tools.
- Work with internal customers to develop requirements to meet their security objectives related to Log Management and SIEM.
- Provide Security Consulting services to IT and other Business Units to
- Create collaborative environment that encourages growth and information sharing including mentoring and educating team members.
- Review current reporting and compliance goals, and verify reports to ensure they are meeting these goals.
- Provide the highest level of support for all products offered by Security Operations.