The Cybersecurity Analyst will coordinate the preliminary response activities for cyber security incidents across the company environment. The successful candidate will focus on preliminary identification and analysis of potential cyber security incidents. The successful candidate will perform triage functions such as email review, log analysis, analysis of network traffic and endpoint systems, enrich data, and will be responsible for escalating and assigning the incidents to level two incident handlers.
Candidates should have a basic understanding of incident response processes, network investigative techniques, and cyber security trends and issues along with SIEM and SOAR technologies and uses. Candidates should have a basic working knowledge of Fire Eye, Microsoft Defender, Splunk, Armis.
Candidates must be fully vaccinated against Covid-19, provide proof of full vaccination to be considered, and willing to work onsite full-time. Responsibilities
- Understand CSIRT functions and participates in the triage of cyber security events.
- Receive and analyze alerts from various sources within the enterprise and determine possible causes of such alerts.
- Triage logs from various security controls, including, but not limited to, firewall, proxy, host intrusion prevention systems, endpoint security, application, and system logs, to identify possible threats to network security.
- Enrich security event data to streamline the incident response process using SIEM and other correlation technologies.
- Perform incident triage, documentation, and escalation of appropriate incidents to cyber security incident handlers.
- Maintain proper documentation and creation of reports.
- Minimum 1-2 years' hands-on experience working in incident response and/or other IT-related fields tied to networking and enterprise information system environments.
- Bachelor's Degree in a technical discipline preferred.
- Interest in the cyber security field including a specific focus on the following domains: enterprise security defense, network and application penetration testing, and incident response.
- Basic knowledge of network protocols, enterprise architecture, and common network logging functions.
- Good written and verbal communications skills are a must.
- Ability to prioritize assignments and efforts in a complex work environment.
- Self-motivated and able to work in an independent manner.
- Must be detail-oriented and willing to learn.
Donnelly & Moore is proud to be an Equal Opportunity Employer
- Industry certifications such as CEH, CISA, Security + are desirable.
We celebrate and embrace the diverse cultures, perspectives, skills and experiences within our workforce, and strive to empower each individual. When you are hired by Donnelly & Moore you enjoy these benefits:
DONNELLY & MOORE reserves the right to contract only with direct employers/sponsors of applicants and will not contract with intermediaries of applicants. Donnelly & Moore Corporation may request proof of such direct employment/sponsorship prior to considering any applicant "
- A 401K Retirement Savings Plan administered by ADP
- Eligibility to Purchase Medical, Dental & Vision insurance through Donnelly & Moore