Security Operations Analyst

$132,566/Yr

ACLU - New York, NY

posted 19 days ago

Full-time - Mid Level
Hybrid - New York, NY
Executive, Legislative, and Other General Government Support

About the position

The ACLU is seeking a full-time Security Operations Analyst to join its Information Security Department in New York, NY. This hybrid role involves working in the office two days a week and focuses on enhancing the organization's cybersecurity posture. The analyst will be responsible for operating and monitoring security tools, managing incident responses, and collaborating with various teams to ensure the security of the ACLU's digital systems and data.

Responsibilities

  • Operate and manage detection platforms, including SIEM and XDR, to ensure visibility across the environment.
  • Collaborate with other technology teams to optimize logging and monitoring configurations, supporting detection engineering initiatives.
  • Develop and maintain custom detection rules and playbooks to enhance detection capabilities and streamline incident response.
  • Lead initial triage, containment, and investigation of security incidents, utilizing forensics and attack reconstruction techniques.
  • Collaborate with cross-functional teams on crisis readiness exercises, containment strategies, and ongoing incident handling.
  • Implement and maintain tools and strategies to identify potential insider threats.
  • Monitor, assess, and respond to suspicious behavior patterns with other security team members.
  • Support operational resilience efforts, including backup and recovery validation, business continuity planning, and disaster recovery simulations.
  • Ensure secure failover capabilities and support regular testing of backup systems and disaster recovery processes.
  • Integrate threat intelligence feeds and participate in threat hunting activities to proactively identify and mitigate risks.
  • Manage and optimize prevention, detection, and response capabilities in the ACLU's security stack.
  • Act as a liaison between the managed SOC and the ACLU's internal security team to maintain high standards of threat monitoring and response.

Requirements

  • Significant security operations experience, with hands-on work in detection and response, incident handling, or a SOC environment.
  • Experience selecting, managing, or coordinating with Tier 1 managed SOC providers is highly preferred.
  • Proficiency in Microsoft Sentinel and experience with security tool integrations.
  • Familiarity with common Palo Alto, Microsoft, and AWS security tool stacks.
  • Knowledge of Network Security Groups (NSGs), firewall rules, and segmentation best practices.
  • Strong understanding of threat intelligence integration, threat hunting, and advanced detection engineering practices.
  • Strong analytical skills with the ability to triage, contain, and respond to incidents effectively.
  • Excellent communication and collaboration skills, with experience working cross-functionally.
  • Ability to work independently and proactively within a high-stakes environment, managing multiple priorities.

Benefits

  • Health insurance
  • Dental insurance
  • Paid time off
  • Parental leave
  • Vision insurance
  • 401(k) matching
  • Professional development assistance
  • Loan forgiveness