Position :- Lead Cyber Security Analyst

Location: Must be local to Hybrid/Deerfield Beach, FL

Duration:12 months

Experience with

· Logs – search the log needed and figure out if the log is being correlated directly

· Alerts –

· Creating Alerts

· Correlation searches – A must have

· Mitre Attack framework – A must have

· Experience with Dashboards and incident response vulnerability management – A must have

Some of the tools they use:

· Sentinel One

· Defender

· Halcyon

· Tanium

Responsibilities include but not limited to:

· Establish trust and business relationships with customer and other relevant stakeholders

· Perform analysis and quality assurance for analyst product and work.

· Technical lead for Security Incidents

· Accountable for all Security Incidents tracked and Investigated by the Security Operations team.

· Analyze attacker tactics, techniques, and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems.

· Provide guidance and mentorship to improve analyst skill sets and ensure delivery of high quality analysis and work products

· Capture Cyber security metrics in direct-support to executive-level briefings (daily, weekly, monthly)

· Contribute to and lead improvements to the Security Operations monitoring, hunting, and incident management processes.

· On critical security incidents, acts as incident manager and primary point of contact.

· Lead Post-Incident Reviews.

· Perform other related duties as assigned.

· Creation and upkeep of attack vector specific playbooks for security incidents.

· Accountable to lead all security incidents to timely and proper closure.

· Responsible to be the Incident commander that drives the activities all individual involved in the incident. 

a. Each incident will also be assigned a SecOps Analyst who will have responsibilities for a majority of the activities.

b. This role will also be responsible for driving individuals from other companies and areas, including vendors, JM TechOps, and the JM Business.

· Timely reporting/updates on all relevant threats and incidents to management.

· Able to oversee multiple investigations/incidents concurrently providing proper direction to each work stream.

· Take’s appropriate “Preparation” steps – creating knowledge, artifacts, and tools to be used during an actual incident.

Qualifications/Requirements:

· Bachelor’s Degree in IT related field or higher OR 10 years’ experience in an information technology field with a minimum of 3 years of cyber security response experience on a SOC/CIRT Team.

· Experience leading SOC teams during cyber monitoring, hunting, and incident response investigations is required.

· Experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.

· Familiarity with Cloud concepts and experience performing monitoring and responding to threats in Cloud environments.

· General knowledge and understanding of information security and privacy-related regulations.

· Ability to effectively multi-task, prioritize and execute tasks in a high-pressure environment

· Experience driving measurable improvement in monitoring and response capabilities at scale.

· Critical thinking skills and the ability to solve problems as they arise

· Experience performing forensics, malware reverse engineering, and penetration testing

· In-depth understanding of security issues across many different platforms and capability to articulate and communicate these issues to both technical and non-technical audiences

· Strong written and verbal communication skills required.

Certified Information Systems Security Professional (CISSP)

GIAC Certifications 500 Level and Above