Threat Detection & Response Analyst

Nashville, TN

Primary Location TN-Nashville-3401 West End Ave

6+ Months

JOB SUMMARY:

The Threat Detection & Response Analyst conducts computer and network intrusion detection, incident response, forensic investigations, data recovery and electronic discovery under occasional guidance, and conducts small- and medium-scale threat analysis for the environment. Troubleshoots and resolves complex security issues. Implements small and medium technology projects or components of large projects. Able to solve medium to complex problems.

KEY RESPONSIBILITIES

This role is remote, BUT the resource MUST be local to the Nashville, TN area for an onsite interview. Onsite work will happen, but not often.

  • Performs intrusion detection and incident response.
  • Conducts computer investigations.
  • Conducts threat analysis for the environment.
  • The responsibilities listed are a general overview of the position and additional duties may be assigned.

Level P2 Security Analyst, threat detection:

  • Threat hunting and threat discovery in feeds and logs.
  • Alert triage.
  • Working with Jira and documentation.
  • Helping roll out new threat detection tools.
  • Endpoint protection.
  • Will investigate and address issues as tickets come in, with side projects to work on when not working tickets.
  • Ideally someone who has come out of Systems Administration and understands Windows and Linux.
  • Understands network protocols and can interpret network traffic.
  • Understands Active Directory.
  • Forensic experience is a plus, BUT this is not a forensic shop; someone who wants to do mostly forensic work will not be a fit.
  • Security+ certification.
  • Preferred certifications: GCIH, GCIA, GNFA, GCFA, GSEC (the hiring manager sent a list of certifications by email).
  • One year of alert triage experience would be great.
  • Scoping incidents: someone who is good at following a process.
  • Malware analysis.
  • Definitely a team environment.
  • Someone who can commute into Nashville when needed; living within one or two hours is OK if the candidate is fine with that. It won't happen too often, but it will happen.

This is not a senior-level position. A Systems or Network Administrator who has moved into security would be ideal; even one year of security experience could work. Must have a great attitude and be willing to learn.

TECHNICAL CAPABILITIES:

ANOMALY AND INTRUSION DETECTION (NOVICE):- Possesses sufficient fundamental proficiency to successfully demonstrate Intrusion and Anomaly Detection practices in practical applications of moderate difficulty. Has a basic understanding of network behavior analysis techniques and tools. Capable of using various detection systems and software.

INCIDENT RESPONSE (NOVICE):- Demonstrates the ability to respond quickly to reports from individuals. Takes immediate action to stop a cybersecurity incident from continuing or recurring. Determines whether an incident should be handled locally or reported to the IT Security Response Team. Works with the IT support staff to repair a system, restore service, and preserve evidence of the incident. Handles sensitive and other critical responses in a professional manner. Evaluates and documents investigation findings after resolving an incident. Capable of using various computer forensic systems and software.

MALWARE ANALYSIS (NOVICE):- Possesses sufficient fundamental proficiency to successfully demonstrate Malware Analysis in practical applications of moderate difficulty. Has determined the behavior and purpose of a simple malware threat and eliminated it from the Company's computers. Familiar with Dynamic Analysis, the analysis of software during its execution on a computer or in a virtual machine, and Static Analysis, the method to look at the component without any execution on the component itself. Has used basic Malware Analysis tools and products.

NETWORK AND SYSTEMS FORENSICS (NOVICE):- Possesses sufficient fundamental proficiency to successfully demonstrate Digital Forensics capability on system and network data in practical applications of moderate difficulty.

THREAT DATA (NOVICE):- Proficient to review and collect pertinent Indicators of Compromise and other threat data from available sources (feeds, community communications, etc) to feed into existing Intrusion Detection systems and processes, to enhance discovery of threats in the environment.

SECURITY POSTURE ASSESSMENT (NOVICE):- Demonstrates the ability to successfully review basic Internet connections and internal networks to identify standard hacker/cracker threats. Able to review the configuration of servers and major network applications to identify configuration errors and other problems that weaken organizational systems and increase their likelihood of misuse. Has conducted an assessment of at least one of the following: [1] access controls, governing access to applications and files; [2] password controls, determining permissible choice of passwords and governing the requirement to change passwords; [3] connectivity controls [e.g., open ports / enabled protocols] influencing permissible communications to and from a computer system; [4] inappropriate files [including viruses, worms, Trojan horses, bootleg software, music files, inappropriate image files]; and [5] unpatched software, bringing attention to available security-related patches that have not been deployed. Has basic knowledge of several of the following: network footprinting, port scanning and enumeration techniques, specific operating system vulnerabilities [e.g., Windows NT, *nix, Windows 2000, Solaris], web server vulnerabilities, application-level exploits, worms, viruses and Trojans, network vulnerabilities, sniffing, wireless sniffing, IP spoofing, and PPTP/VPN breaking. Generates security reports for management that show system safety and incident reporting.
