Cyber Security Operations Analyst

$122,720 - $122,720/Yr

Trillium Staffing - Boston, MA

posted 3 months ago

Full-time
Boston, MA
Administrative and Support Services

About the position

Trillium Professional is seeking a Cyber Security Operations Analyst to join a dedicated team in Boston. This role is integral to the Cyber Security Operations team, consisting of four members, and will report directly to the Director of Cyber Security Operations. The Cyber Security Operations Analyst will work closely with the Chief Information Security Officer (CISO) to enhance the organization's security posture. The ideal candidate is a self-starter with a strong passion for cyber threat hunting and the ability to collaborate effectively within a small team. Strong written and verbal communication skills are essential for success in this position. The Cyber Security Operations Analyst will be responsible for a variety of tasks, including responding to alerts from the Security Operations Center and Endpoint Detection and Response systems. The role involves managing identity alerts and responding to ServiceNow tickets, as well as reviewing daily reports and threat feeds to identify relevant issues. Additionally, the analyst will configure alerts in Splunk SIEM based on identified gaps and maintain a query repository to improve dashboard visibility across various data sources. Ensuring data hygiene and compliance with the Common Information Model (CIM) is also a critical aspect of this role. In terms of threat detection and incident response, the analyst will conduct threat hunting activities, tracking both common and novel techniques, tactics, and Indicators of Compromise (IOCs). The use of custom Indicators of Attack (IOAs) and automated response workflows will be essential for effective remediation of detected threats. The analyst will also review network web proxy and firewall traffic to identify and address any abnormal events. Monitoring and visibility recommendations will be a key responsibility, where the analyst will develop metrics dashboards for security tools and enhance visibility across firewall and web proxy logs. 
The role includes providing recommendations for security improvements, auditing the deployment of security controls, and ensuring compliance with MassDOT's information security policies. The analyst will also conduct vulnerability assessments to identify and document gaps and risks, communicate these findings to customers, and perform continuous monitoring of the security posture related to infrastructure and applications. Staying updated on information security issues, best practices, and regulatory changes is crucial for this role. The analyst will develop and recommend security solutions based on business needs and regulatory requirements, while also understanding and applying risk management frameworks effectively. The position may require on-call support and the ability to assist with emergencies, including providing deskside support to end users when necessary. Overall, the Cyber Security Operations Analyst will contribute to the continuous improvement of the MassDOT information security program.

Responsibilities

  • Review and respond to Security Operations Center alerts.
  • Review and respond to Endpoint Detection and Response alerts.
  • Manage Identity alerts and respond to ServiceNow tickets.
  • Review daily reports, system-generated reports, and threat feeds for relevance or issues.
  • Configure alerts based on gaps in proactive and responsive measures.
  • Maintain a query repository for regular tasks and improve dashboard visibility across sources.
  • Ensure data hygiene and compliance of ingested data with the Common Information Model (CIM).
  • Conduct threat hunting by tracking common and novel techniques, tactics, Indicators of Compromise (IOCs), and applying measures for detected threats.
  • Utilize custom Indicators of Attack (IOAs) and EDR SOAR workflows for automated response and remediation.
  • Review network web proxy and firewall traffic to identify and address recurring abnormal or blocked events.
  • Develop metrics dashboards for security tools.
  • Enhance network visibility across firewall and web proxy logs.
  • Provide recommendations for security improvements, including hardening and content blocking.
  • Audit and validate the deployment of security controls to meet standards, guidelines, and compliance requirements.
  • Ensure controls are documented and functioning as intended.
  • Verify that infrastructure and applications adhere to MassDOT's information security policies and standards.
  • Audit, report, and maintain a log of all policy violations.
  • Conduct vulnerability assessments of infrastructure and applications to identify and document gaps and risks.
  • Communicate identified gaps, risks, and vulnerabilities to customers.
  • Perform continuous monitoring and analyze the security posture related to infrastructure and applications.
  • Manage and address events in MassDOT's Security Information and Event Management (SIEM) system.
  • Monitor and respond to security alerts, including virus alerts, breach notifications, zero-day vulnerabilities, and trending threats.
  • Stay updated on information security issues, best practices, and regulatory changes affecting transportation and information security at both state and national levels.
  • Develop and recommend security solutions based on business needs, regulatory requirements, and industry best practices.
  • Understand risk management frameworks and apply them effectively.
  • Respond courteously and professionally to inquiries from customers, vendors, and colleagues.
  • Assist with emergencies and events as needed, which may include driving a company or personal vehicle.
  • Provide on-call support as necessary.
  • Perform other related duties and projects as assigned.
  • Provide deskside support to end users when necessary to gather evidence for an investigation, provide advice on safe computing practices, and to diagnose systems as SME for security tools, attack tactics & techniques, and forensic analysis.
  • Contribute to the continuous improvement of the MassDOT information security program.

Requirements

  • Two plus (2+) years of training or practical experience in IT Operations.
  • Two plus (2+) years of training or practical experience in cyber security operations.
  • Strong work ethic, great time management, and highly inclusive team player.
  • Effective verbal and written communicator, with excellent writing skills.
  • Authorization to work indefinitely in the U.S.

Nice-to-haves

  • Bachelor's degree or equivalent in Cyber/Information Security.
  • Industry certifications such as CISSP.
  • Previous experience on a Cyber Security Operations team in a large organization.

Benefits

  • Competitive hourly pay of $59 per hour.