Threat Intelligence and Detection Engineer Analyst

Responsibilities

The Threat Intelligence Analyst is a key member of the Threat Operations Team and will be responsible for supporting alarm research and development in our proprietary security platform as well as performing research on emerging threats and providing communication to our customers. This person will act as a technical expert in our detections as well as a collaborative point of escalation for our Security Operations team. Your ability to analyze logs, actively pursue the most cutting-edge industry news and events, think like an attacker, and correlate information across wide data sets will be critical in this position. This position can work remote with occasional onsite support required in our Tempe, Arizona office.

Qualifications

• 5 years of experience with SIEM alarm development experience.
• Previous MSSP experience is strongly preferred, but not required.
• Ability to craft, maintain, and document detection/alarming opportunities within a SIEM including assisting with research and development and alarm creation using Splunk Query Language (SQL), Regular Expressions (RegEx), YAML, etc.
• Ability to correlate raw logs into valuable and actionable, context rich alerts using industry knowledge of threat actor techniques.
• Ability to research current threats and industry trends to be aware of the most up-to-date threats affecting the environments under our vigilance that can be used to enhance alarming and detection.
• Customer-first mindset with strong written, verbal, and interpersonal communication skills along with the ability to work in a highly collaborative environment as this is a customer facing role.
• Strong ability to translate technical concepts and information into a form easily consumed by non-technical stakeholders.
• Strong ability to self-direct and work independently, learn new things, think creatively and demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and adapt to new requirements.
• Strong adherence to defined workflow and processes using an automation first mindset.
• Ability to correlate activity across multiple ingest sources and large data sets.
• Must have familiarity with various network and endpoint products and their logs.
• Demonstrated knowledge of common/emerging attack techniques.
• Strong understanding of the Diamond Model, Analysis of Competing Hypotheses, MITRE ATT&CK, the Cyber Kill Chain, and/or knowledge of cyber threat intelligence terminology, key concepts, and analysis and how to operationalize these for performing job duties.
• Proficiency in a SIEM query language, Splunk Query Language is preferred.
• The candidate must be able to meet and uphold CJIS requirements.
• The candidate must have a car, as this position requires travel between location and the transportation of equipment
• A valid driver’s license and proof of vehicle insurance will be required
• Legally authorized to work in the US without sponsorship
• Must demonstrate a “can-do” attitude

We focus on candidates that display our “ACE” factor – Attitude, Compassion, and Enthusiasm to deliver quality solutions with exceptional customer service.

What you get:

We offer an energetic work environment with many corporate culture amenities, competitive salary, and rich benefit plan including: Medical, Dental, Vision, 401K, 529, Life Insurance, Income Protection Short and Long-Term Disability, Medical and Child/Elder Care, Flexible Spending Account Plans, Family Planning Benefits, Financial Education, Identity Theft Protection and Assistance, Legal Services, Employee Assistance Program, Two weeks’ vacation, additional paid time-off for Personal and Sick, certification and hands-on training, and employee discount for product services and entertainment.

Overview

MOTIVATED…..make IT happen!

Sentinel Technologies, Inc. has been rated a top workplace every year since 2012!

About Us:      

Sentinel delivers solutions that can efficiently address a range of IT needs – from security, to communications, to systems & networks, to software applications, to cloud and managed services; all of which include our staffing solutions for our clients. Since 1982, Sentinel has grown from providing technology maintenance services to our current standing as one of the leading IT services and solutions provider in the US. We have aligned with many of today’s global technology leaders including Cisco, Dell, VMware and Microsoft. Sentinel services customers both nationally and internationally with primary support operating centers in Downers Grove (HQ), Chicago, and Springfield, IL; Phoenix, AZ.; Lansing, and Grand Rapids, MI; Milwaukee, WI; and Denver, CO.

If you are MOTIVATED… you can make IT happen at Sentinel. Our commitment to our employees is to create a work environment that encourages creativity, an entrepreneurial spirit, fosters growth through certification and hands-on training, and values a team-oriented culture with rewards based on impact!

If you share our passion about what technology can do and want to be part of a top workplace environment – we’d like to have you join our team.  Learn more at www.sentinel.com/careers.

As part of Sentinel's employment process, candidates will be required to complete a background check. Only those who meet the minimum requirements will be contacted. No phone calls please.

Sentinel is proud to be an equal opportunity/affirmative action employer committed to a diverse and inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, marital status, genetics, disability, pregnancy, veteran status or any other basis protected by law.

If you are an individual with a disability and need assistance in applying for a position, please contact SentinelHR1@sentinel.com.