IT Security Operations Analyst

Summary of Position

The Information Technology Security Operations Analyst (ITS-I) is responsible for the day-to-day operations of the enterprise security log management systems. The position reports to the IT Security Operations Team Lead in the Information Services Department and works closely with teams in other infrastructure and research areas to provide superior protection to the Laboratory’s information assets. The Information Services Department provides central Information Technology and Communications Services to the Laboratory.

Primary Duties
1. Responsible for day-to-day support and maintenance of the Enterprise Security Log management infrastructure.
a.) Maintain and update documentation, including standard operating procedures.
b.) Duties include, but are not limited to, application management, tuning, patching, upgrades, capacity planning and vendor coordination.

2. Assists the IT Security Threat Assessment Team with log analysis to support System of Interest reviews and dashboard reporting.
a.) Investigate new ways to analyze log data to identify trends and patterns that could indicate malicious system behavior.
b.) Maintain, develop and implement custom reports and dashboards to support the ISD and Security Services Department requirements.

3. Responsible for day-to-day operations support for IT Security infrastructure systems. Infrastructure systems include IDS/IPS, Proxy and Full Packet Capture systems.
a.) Maintain and update documentation, including standard operating procedures.
b.) Duties include, but are not limited to, system troubleshooting, vendor coordination, OS patching and updating.

Requirements:

·  Bachelor’s Degree in Computer Science, Information Technologies, Engineering or equivalent experience preferred.

·  3 years' experience in the information security technology field required.

·  2 years' experience with Splunk log management.

·  Knowledge of standard log formats for infrastructure devices including proxies, mail services, identity management systems, firewalls, and other network devices.

·  Familiarity with web and mail services logs.

·  Proven ability to script in Perl or Python.

·  Experience managing enterprise log management platforms (e.g., Splunk).

·  Experience with IDS/IPS systems, Web Proxy and full packet capture systems.

·  Excellent written and oral communication skills.

·  Demonstrated ability to work in a fast-paced environment at times with minimal supervision and execute operations, project and administrative tasks with a high degree of quality, while following existing processes and establishing new operational procedures and best practices where necessary.

·  Demonstrated ability to work with members of other teams and staff to achieve department and organizational goals.

·  Working knowledge of security tools and devices.

·  Basic understanding of TCP/IP.

·  Strong working knowledge of the Linux operating system.

·  Good understanding of the Windows operating system (desktop and server).

·  CompTIA Security+ or equivalent certification preferred.

·  Strong working knowledge of network infrastructures, including firewalls, VPNs, routers/switches, file and session encryption and cryptography methods, web application and device security (preferred).

·  Ability to obtain and maintain a government security clearance.

·  Occasional off-hour/on-call support is necessary. A certain degree of flexibility of schedule is required as some work (planned/unplanned) must be done outside of major production hours during pre-scheduled maintenance windows.

Article source: http://jobview.monster.com/IT-Security-Operations-Analyst-Job-Lexington-MA-US-104401366.aspx