Information Security Monitoring Analyst

The Information Security Monitoring Analyst is responsible for monitoring, analyzing, and responding to information and operational security alerts triggered by Security Information and Event Management (SIEM) and threat intelligence feeds.

Primary Responsibilities:

• Detect anomalies and potential security threats.

• Filter false positive alerts.

• Determine if a critical system or data set has been impacted.

• Provide technical analysis.

• Provide recommendations on containment and remediation.

• Escalate incidents when deep technical analyses are required.

• Use a variety of tools to analyze and investigate incidents.

• Take immediate action or recommend a course of action to safeguard QP.

• Document all incidents and create a clear narrative that supports conclusions.

• Support incident response activities.

• Work 12-hour shift patterns to provide 24/7 coverage.

Experience & Skills:

1. 5+ years' experience in a large-scale IT environment with a focus on Information Security and knowledge of Operational Technology.

2. 2+ years' operating experience with industry-leading SIEM products.

3. 1-3 years of previous Security Operations Centre experience conducting security investigations.

4. Good knowledge of IT, including multiple operating systems and system administration skills (Windows, Unix).

5. Good knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products.

6. Strong understanding of security incident management and malware management processes.

7. Experience with web content filtering technology – policy engineering and troubleshooting.

8. Strong understanding of networking principles, including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP.

9. Knowledge of security best practices and concepts, including vulnerability assessment and penetration testing.

10. Demonstrated ability to analyze, triage, and remediate security incidents.

11. Knowledge of Cyber Security principles, techniques, and technologies such as SANS Critical Security Controls and OWASP.

12. Knowledge of security-related technologies and their functions (IDS, IPS, FW, WAF, SIEM, etc.).

13. Certification in at least one industry-leading SIEM product.

14. Possession of industry certifications (OSCP, OCSE preferred, GCIH, SANS ICS, GCIA, Certified Incident Handler (GCIH), Certified Intrusion Analyst (GIAC), Certified Ethical Hacker (CEH), (CISSP), CHFI, SANS Cyber Threat Hunting, SANS GREM, SIEM/security tool equivalent technical certification).

Education:

• Bachelor’s degree in information security, computer science, or systems engineering.