Konica Minolta - Phoenix, AZ

posted 16 days ago

Full-time - Mid Level
Phoenix, AZ
Rental and Leasing Services

About the position

The Sr. Cybersecurity Analyst is a key role within the Security Operations Center (SOC) at Konica Minolta, responsible for providing security monitoring and protection services to SIEM and MEDR customers. This position requires a high level of expertise in cybersecurity, focusing on the analysis of security events and providing tier 2 investigation support. The analyst will also contribute to the lifecycle ownership of managed security services, including onboarding new customers and operational support, while collaborating closely with various teams within the organization.

Responsibilities

  • Lead security incident investigations, conducting in-depth technical analysis including host and network-based forensics.
  • Evaluate security solutions and monitor various security blogs, alerts, notifications, RSS feeds, and forums to stay updated on the latest security news, attacks, threats, vulnerabilities, and exploits.
  • Review and analyze data and network traffic from numerous security tools to detect traffic anomalies, identify infected systems, and determine lateral movement of infections across the network.
  • Contribute to incident response, maintaining relevant communication in emails, ticket summaries, analysis, and reporting, and work with Incident Handlers to provide recommendations for remediation of compromised systems.
  • Perform malware analysis, identify areas of persistence on user devices, and detect indicators associated with malware or specific Advanced Persistent Threat (APT) techniques.
  • Review, create, or document standard operating procedures, recommendations, project-specific documents, and resource guides as needed.

Requirements

  • Minimum 5 years' experience in the Cyber Security field, with senior level experience analyzing and responding to alerts from a SIEM & EDR platform.
  • 2-3 years' experience administering & providing operational support in security disciplines such as incident response, threat hunting, investigations, security infrastructure management, or monitoring services.
  • 1+ years' experience in content management work, including developing custom detection rules, custom integrations, and scripts.
  • SentinelOne experience is highly preferred.
  • Industry-standard information security and incident response certifications (CISSP, GCIA, GCIH, GREM, etc.) are a plus.
  • In-depth knowledge of network intrusion methods, network containment and segregation techniques.
  • In-depth knowledge of operating systems (Windows & UNIX, Mac OS X a plus).
  • Expert understanding of TCP/IP networking, routing protocols, and full packet capture analysis.
  • In-depth network security expertise including firewall, IDS, and IPS.
  • Experience building baselines of network activity for use in anomaly detection.
  • Experience with proactive threat hunting techniques and concepts in an enterprise environment.
  • Experience reviewing raw log files, data correlation, and analysis (e.g. firewall, network flow, IDS, and system logs).
  • Knowledge of typical behaviors of both malware and malware authors.
  • Static and dynamic malware analysis experience.
  • Experience using and writing custom signatures for IDS.
  • Digital forensics experience focusing on Windows systems from a malware perspective.
  • Knowledge of enterprise systems and infrastructure.
  • Proven understanding of log parsing and analysis at a large scale with data clustering tools or techniques.
  • Experience with a scripting language such as Perl, Ruby, Python, or Bash.

Nice-to-haves

  • Memberships and participation in relevant professional associations.