ASGN - Boston, MA

posted 2 months ago

Full-time - Entry Level
Boston, MA
Administrative and Support Services

About the position

Apex Systems is seeking a CyberSecOps Analyst to join our team in Boston, MA. This position is integral to our Cyber Security Operations, where you will be responsible for monitoring, detecting, and responding to security incidents. The CyberSecOps Analyst will work closely with the Security Operations Center (SOC) to review alerts, manage identity alerts, and respond to ServiceNow tickets. You will also review daily reports and threat feeds to identify issues that may affect our security posture.

In this role, you will configure alerts in our Splunk SIEM, maintain a repository of saved searches, and ensure data hygiene and compliance with Splunk's Common Information Model (CIM). Your responsibilities will include threat hunting, using custom Indicators of Attack (IOAs), and reviewing network traffic to identify abnormal events. You will also develop metrics dashboards for security tools and provide recommendations for security improvements, ensuring that all security controls are documented and functioning as intended. The CyberSecOps Analyst will conduct vulnerability assessments of infrastructure and applications, communicate identified risks to stakeholders, and perform continuous monitoring of the security posture. You will manage events in the Security Information and Event Management (SIEM) system and respond to security alerts, including malware alerts and zero-day vulnerabilities.

Staying current on information security issues and regulatory changes is essential, as you will develop and recommend security solutions based on business needs and industry best practices. Additionally, you will assist with emergencies, provide deskside support to end users, and contribute to the continuous improvement of the MassDOT information security program. This position requires a strong work ethic, effective communication skills, and the ability to work collaboratively in a team environment.

Responsibilities

  • Review and respond to Security Operations Center alerts.
  • Review and respond to Endpoint Detection and Response alerts.
  • Manage Identity alerts and respond to ServiceNow tickets.
  • Review daily reports, system-generated reports, and threat feeds for relevance or issues.
  • Configure alerts based on gaps in proactive and responsive measures in Splunk SIEM.
  • Maintain a query repository for regular tasks and improve dashboard visibility across sources.
  • Ensure data hygiene and CIM compliance with the data model.
  • Conduct threat hunting by tracking common and novel tactics, techniques, and Indicators of Compromise (IOCs).
  • Utilize custom Indicators of Attack (IOAs) and EDR SOAR workflows for automated response and remediation.
  • Review web proxy and firewall traffic to identify and address recurring abnormal or blocked events.
  • Develop metrics dashboards for security tools.
  • Enhance network visibility across firewall and web proxy logs.
  • Provide recommendations for security improvements, including hardening and content blocking.
  • Audit and validate the deployment of security controls to meet standards, guidelines, and compliance requirements.
  • Ensure controls are documented and functioning as intended.
  • Verify that infrastructure and applications adhere to MassDOT's information security policies and standards.
  • Audit, report, and maintain a log of all policy violations.
  • Conduct vulnerability assessments of infrastructure and applications to identify and document gaps and risks.
  • Communicate identified gaps, risks, and vulnerabilities to customers.
  • Perform continuous monitoring and analyze the security posture related to infrastructure and applications.
  • Manage and address events in MassDOT's Security Information and Event Management (SIEM) system.
  • Monitor and respond to security alerts, including malware alerts, breach notifications, zero-day vulnerabilities, and trending threats.
  • Stay updated on information security issues, best practices, and regulatory changes affecting transportation and information security.
  • Develop and recommend security solutions based on business needs, regulatory requirements, and industry best practices.
  • Understand risk management frameworks and apply them effectively.
  • Respond courteously and professionally to inquiries from customers, vendors, and colleagues.
  • Assist with emergencies and events as needed, which may include driving a company or personal vehicle.
  • Provide on-call support as necessary.
  • Perform other related duties and projects as assigned.
  • Provide deskside support to end users when necessary to gather evidence for an investigation.

Requirements

  • Two plus (2+) years of training or practical experience in cyber security operations.
  • Strong work ethic, great time management, and highly inclusive team player.
  • Effective verbal and written communicator, with excellent writing skills.
  • Authorization to work indefinitely in the U.S.

Nice-to-haves

  • Bachelor's degree or equivalent in Cyber/Information Security.
  • Industry certifications such as CISSP.
  • Previous experience on a Cyber Security Operations team in a large organization.

Benefits

  • 401(k)
  • Medical/health benefit options
  • W2 hourly rate
  • Weekly pay
  • Direct deposit
© 2024 Teal Labs, Inc