Security Analyst- CSIRT

  • location: Richmond, VA
  • type: Contract
  • salary: $45 - $55 per hour
easy apply

job description

Security Analyst- CSIRT

job summary:
Randstad is looking for a Security Analyst-CSIRT in Richmond, VA.

CSIRT Job Description

Successful candidate will be a member of client's Computer Security Incident Response Team (CSIRT), responsible for monitoring, investigating and responding to events generated from various systems, seeking anomalies in user and endpoint activity, continuously improving the detect and respond capability of the organization and maintaining awareness regarding current and developing threats. Team members recommend and oversee enhancements to the SIEM, use of threat intelligence, lead incident response activities throughout the organization and act as a point of escalation for incidents outside of normal business hours (nights, weekends, holidays).

 
location: Richmond, Virginia
job type: Contract
salary: $45 - 55 per hour
work hours: 8 to 5
education: Associates
 
responsibilities:
  • Job Responsibilities
  • Monitors for, investigates and responds to alerts generated by multiple network, server and client security controls
  • Researches system events to identify and investigate unwanted or malicious activity
  • Identifies security risks and exposures, determines the causes of security violations and suggests procedures to halt future incidents
  • Engages, directs and/or leads others in investigating and responding to potential incidents
  • Acts as the point of escalation for incidents outside of normal business hours (nights, weekends, holidays) at least one week per month
  • Maintains and adheres to incident response procedures for CSIRT and other teams
  • Identifies opportunities, designs and implements rulesets and other control configurations to increase likelihood of identifying unwanted or malicious activity
  • Performs analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security
  • Performs incident triage to include determining scope, urgency, and potential impact; identify the specific vulnerability and make recommendations that enable expeditious remediation
  • Performs intrusion correlation/tracking, threat analysis, and assists with system remediation tasks to support remote Incident Response personnel
  • Tracks and documents incidents through the entire incident response lifecycle (from initial detection through final resolution)
  • Writes and publishes incident reports
  • Analyzes identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information
  • Characterizes and analyzes network traffic to identify anomalous activity and potential threats to network resources
  • Conducts research, analysis and correlation across a wide variety of data sets (indications and warnings)
  • Performs content development for CSIRT tools, such as dashboards, rules and reference sets in IBM QRadar
  • Coordinates with Network Security staff to validate network alerts
  • Determines appropriate course of action in response to identified and analyzed anomalous network activity
  • Documents and escalates incidents
  • Performs trend analysis and reporting
  • Performs event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
  • Provides timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
  • Receives and analyzes network alerts from various sources within the enterprise and determines possible causes of such alerts
  • Initiates malware triage and analyzes output
  • Uses CSIRT tools for continual monitoring and analysis of system activity to identify malicious activity
  • Supports operations security tasks and initiatives
Relevant Certifications

GSEC, GCIA, GHIC, GCFA, GFNA, GCTI, GPEN Security+, CySA+, EnCE, CISSP, CEH, OSCP, etc.

 
qualifications:
Basic Qualifications

  • Knowledge of basic system administration, network, and operating system hardening techniques
  • Knowledge of Windows and Linux event log analysis
  • Knowledge of how network services and protocols interact to provide network communications
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth)
  • Knowledge of network monitoring tools - Bro, Snort, etc.
  • Knowledge of deep packet inspection
  • Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol (TCP) and Internet Protocol (IP), Open System Interconnection Model (OSI))
  • Ability to interpret and incorporate data from multiple tool sources
  • Knowledge of host/network access controls (e.g., access control list)
  • Knowledge of endpoint monitoring tools - Antivirus, EDR, etc.
  • Knowledge of SIEM usage, content creation and searching (preferably Qradar, Splunk, Logrhythm, or Arcsight)
  • Knowledge of common incident handling practices
  • Knowledge of practices for analyzing suspicious email
  • Knowledge of scripting or programming experience (e.g. Python, Perl, Powershell, Golang, etc.)
  • Knowledge of Regex
 
skills:

Desired Qualifications

  • Knowledge of intrusion detection system tools and applications
  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies
  • Knowledge of principles for detecting anomalies on endpoints and network
  • Knowledge of Malware analysis techniques (dynamic and static)
  • Knowledge of common attacker tools, techniques and procedures
  • Knowledge of how attackers think
  • Knowledge of how to identify and expand searches for indicators of compromise

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

easy apply

get jobs in your inbox.

sign up
{{returnMsg}}