Threat Detection & Response Analyst
Primary Location TN-Nashville-3401 West End Ave
The Threat Detection & Response Analyst conducts computer and network intrusion detection, incident response, forensic investigations, data recovery and electronic discovery under occasional guidance. The Threat Detection & Response Analyst conducts small and medium scale threat analysis for the environment. Troubleshoots and resolves complex security issues. Implements small and medium technology projects or components of large projects. Ability to solve medium to complex problems.
This role is remote, BUT the resource MUST be local to the Nashville, TN area for an onsite interview. Onsite work will happen, but not often.
Level P2 Security Analyst threat detection
Threat hunting – threat discovery
Threat discovery in the feeds / logs
Working with Jira / documentation
Help with rolling out new threat detection tools
Endpoint protection
Will have to address and investigate issues but will have side projects that they will work on when they aren’t working tickets
Would like someone who has come out of Systems Administration and understands Windows and Linux
Understand Network Protocols
Interpret network traffic
Understand Active Directory
If someone has any forensic experience that would be great BUT this is not a forensic shop
Security+ certification
Preferred certs GCIH, GCIA, GNFA, GCFA, GSEC (He sent an email with a list of certifications)
1 year doing alert triage would be great
Someone who wants to do mostly forensic work will not work
Scoping incidents - Someone who is good at following a process
Definitely a team environment
Someone who can commute into Nashville if needed. Within one or two hours would be OK if the person is good with that. Won't happen too often, but it will happen.
This is not a senior level person. If we can find someone who was a Systems or Network Admin who moved into security that would be great. Even if they have 1 year of experience in security that could work. Need to have a great attitude and be willing to learn.
ANOMALY AND INTRUSION DETECTION (NOVICE):- Possesses sufficient fundamental proficiency to successfully demonstrate Intrusion and Anomaly Detection practices in practical applications of moderate difficulty. Has a basic understanding of network behavior analysis techniques and tools. Capable of using various detection systems and software.
INCIDENT RESPONSE (NOVICE):- Demonstrates the ability to respond quickly to reports from individuals. Takes immediate action to stop a cybersecurity incident from continuing or recurring. Determines whether an incident should be handled locally or reported to the IT Security Response Team. Works with the IT support staff to repair a system, restore service, and preserve evidence of the incident. Handles sensitive and other critical responses in a professional manner. Evaluates and documents investigation findings after resolving an incident. Capable of using various computer forensic systems and software.
MALWARE ANALYSIS (NOVICE):- Possesses sufficient fundamental proficiency to successfully demonstrate Malware Analysis in practical applications of moderate difficulty. Has determined the behavior and purpose of a simple malware threat and eliminated it from the Company's computers. Familiar with Dynamic Analysis, the analysis of software during its execution on a computer or in a virtual machine, and Static Analysis, the method to look at the component without any execution on the component itself. Has used basic Malware Analysis tools and products.
NETWORK AND SYSTEMS FORENSICS (NOVICE):- Possesses sufficient fundamental proficiency to successfully demonstrate Digital Forensics capability on system and network data in practical applications of moderate difficulty.
THREAT DATA (NOVICE):- Proficient to review and collect pertinent Indicators of Compromise and other threat data from available sources (feeds, community communications, etc) to feed into existing Intrusion Detection systems and processes, to enhance discovery of threats in the environment.
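As an added example (not part of the posting or the employer's tooling), the following Python script shows the kind of work the THREAT DATA and threat-discovery-in-logs items describe: it parses a small indicator feed, refangs defanged values (hxxp, [.]), normalizes hashes and domains, extracts candidate IPs, domains and hashes from proxy, DNS and EDR log lines, and reports every feed match. The feed format, the log format and all values are constructed for illustration (RFC 5737 documentation addresses, made-up hostnames and a made-up hash).

```python
"""Match indicators of compromise from a threat feed against log lines.

Added example for the THREAT DATA competency; not part of the job posting.
The feed format, the log format and every value below are constructed for
illustration (RFC 5737 documentation addresses, made-up hostnames and hash).
"""
import csv
import io
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed feed in a common "type,value,description" CSV shape. Some values
# are defanged (hxxp, [.]) the way community feeds often publish them.
FEED_CSV = """type,value,description
ip,203.0.113.45,C2 beacon (constructed)
domain,update-check[.]example,phishing kit host (constructed)
sha256,0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF,dropper (constructed)
url,hxxp://update-check[.]example/gate.php,C2 check-in URL (constructed)
"""

# Constructed proxy, DNS and EDR log lines; no real traffic.
LOG_LINES = [
    "2024-05-01T10:00:01Z proxy src=10.0.0.12 dst=198.51.100.7 host=www.example.com status=200",
    "2024-05-01T10:00:05Z dns client=10.0.0.12 query=update-check.example type=A answer=203.0.113.45",
    "2024-05-01T10:00:06Z proxy src=10.0.0.12 dst=203.0.113.45 host=update-check.example uri=/gate.php status=200",
    "2024-05-01T10:01:00Z edr host=WS-12 file=C:\\Temp\\setup.exe sha256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
    "2024-05-01T10:02:00Z proxy src=10.0.0.13 dst=198.51.100.9 host=cdn.example.net status=304",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def refang(value: str) -> str:
    """Undo common defanging so feed values compare equal to raw log text."""
    return (value.replace("[.]", ".").replace("(.)", ".")
                 .replace("hxxps://", "https://").replace("hxxp://", "http://"))


def parse_feed(text: str) -> dict:
    """Return {ioc_type: {normalized_value: description}}.

    Domains and hashes are lower-cased so matching is case-insensitive, and a
    URL indicator also contributes its hostname as a domain indicator, because
    the proxy log splits host and URI into separate fields.
    """
    iocs = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(text)):
        ioc_type, value = row["type"].strip(), refang(row["value"].strip())
        if ioc_type in ("domain", "sha256"):
            value = value.lower()
        iocs[ioc_type][value] = row["description"]
        if ioc_type == "url":
            host = urlsplit(value).hostname
            if host:
                iocs["domain"].setdefault(host.lower(), row["description"])
    return dict(iocs)


def extract(line: str) -> dict:
    """Pull candidate IPv4s, SHA-256 hashes and domain-like tokens from one line.

    The domain pattern is deliberately loose (it also catches file names such as
    setup.exe); false candidates are harmless because only feed matches count.
    """
    return {
        "ip": set(IPV4_RE.findall(line)),
        "sha256": {h.lower() for h in SHA256_RE.findall(line)},
        "domain": {d.lower() for d in DOMAIN_RE.findall(line)},
    }


def match_logs(iocs: dict, lines) -> list:
    """Return (line_number, ioc_type, value, description) for every hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for ioc_type, candidates in extract(line).items():
            known = iocs.get(ioc_type, {})
            for value in sorted(candidates & set(known)):
                hits.append((number, ioc_type, value, known[value]))
    return hits


if __name__ == "__main__":
    for number, ioc_type, value, description in match_logs(parse_feed(FEED_CSV), LOG_LINES):
        print(f"line {number}: {ioc_type} {value} ({description})")
```

Run as-is it reports five hits: the DNS resolution and the proxy connection to the listed domain and address (lines 2 and 3) and the EDR file event carrying the listed hash (line 4). The refang and lower-casing steps matter in practice: a feed value left as `update-check[.]example` or an upper-case hash would silently match nothing, which is the kind of gap a triage analyst should check for before trusting a detection rule built from feed data.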
SECURITY POSTURE ASSESSMENT (NOVICE):- Demonstrates the ability to successfully review basic Internet connections and internal networks to identify standard hacker/cracker threats. Able to review the configuration of servers and major network applications to identify configuration errors and other problems that weaken organizational systems and increase their likelihood of misuse. Has conducted an assessment of at least one of the following:
access controls, governing access to applications and files
password controls, determining permissible choice of passwords and governing the requirement to change passwords
connectivity controls [e.g., open ports/enabled protocols], influencing permissible communications to and from a computer system
inappropriate files [including viruses, worms, Trojan horses, bootleg software, music files, inappropriate image files]
unpatched software, bringing attention to available security-related patches that have not been deployed
Has basic knowledge of several of the following: network foot-printing, port scanning, and enumeration techniques; specific operating system vulnerabilities [like Win-NT, *nix, Win-2K, Solaris]; web server vulnerabilities; application-level exploits; worms, viruses, and Trojans; network vulnerabilities; sniffing; wireless sniffing; IP spoofing; and PPTP/VPN breaking. Generates security reports for management that show system safety and incident reporting.