The Tier 2 Analyst is responsible for the successful completion of all procedures executed during his/her presence in the CSARC (Cyber Security Analysis & Response Center). The Tier 2 Analyst owns the documentation and measurement of all subordinate procedures as well as their continuous improvement. These senior analysts gather information on cyber security events, collate it into an accessible format and ensure its proper dissemination. Tier 2 Analysts are responsible for the Subtle Event Process, long-term analysis, and deep-dive investigation into network activity.
Duties and Responsibilities
* Monitor Tier 1 Analyst performance in investigating incoming events using available CSARC tools.
* Serve as point of escalation for Tier 1 Analysts and ensure Tier 1 event(s) are addressed in a timely manner using available reporting and metrics.
* Approve and, if necessary, further investigate Tier 1-escalated events.
* Mentor Tier 1 Analysts and identify their training needs to improve detection capability within the CSARC.
* Manage CSARC event and information intake to include gathering intelligence reports, monitoring ticket queues, investigating reported incidents, and interacting with other security and network groups as necessary.
* Serve as detection authority for initial incident declaration.
* Serve as the shift subject matter expert on incident detection and analysis techniques, providing guidance to junior analysts and making recommendations to organizational managers.
* Drive and monitor shift-related metrics, ensuring applicable reporting is gathered and disseminated per CSARC requirements.
* Collaborate with other CSARC teams on security research and intelligence gathering.
* 5 years of Information Technology related experience.
* 1-2 years SOC related experience.
* Experience managing cases/incidents and enterprise SIEM systems.
* A solid understanding of networking, cyber security concepts, vulnerability identification and cyber threat intelligence.
* Excellent communication skills, including the ability to provide formal documentation of analysis and/or research results (briefings, reports, writing, training of lower tiers) and to edit at a technical/professional level.
* Aptitude in solving problems independently.
* Sound decision-making ability.
* Must be detail-oriented and well organized, thrive in a sense-of-urgency environment, leverage best practices, and, most importantly, innovate through any problem with a can-do attitude.
* Strong analytical and time management skills.
* Work with minimal supervision as an individual contributor and as part of the team.
* Availability to work a flexible schedule including nights and weekends; the CSARC is a 24x7x365 environment. The role is shift work and requires team members to be on time daily.
* Information Security Certification such as: Security+, CISSP, CISM, CISA, CEH, GCIH, GCIA, GCFA, GREM.
* Python scripting.
* Works well both in a team environment and independently.
Additional Locations: None
Requisition ID: 16000
Nearest Major Market: Phoenix