Cyber Security Operations Analyst - CSOA24-12773


IT - MA - Boston, MA
Boston, Massachusetts
Locations: Boston, Chelsea, Everett, Worcester

Last Day to Apply: September 19, 2024

Job Title: Cyber Security Operations Analyst
Duration: 10 months (may be renewed)
Location: Boston, MA (Hybrid)
Work Hours: 37.5 hr/week

A leading organization is actively hiring a Cyber Security Operations Analyst! Join a great team of cyber security professionals and help protect the confidentiality, integrity, and availability of digital information and systems. Cyber Security Operations is a key pillar of the Information Security program, responsible for the deployment and tuning of security tools, threat-hunting, and Cyber Incident Response. The Cyber Security Operations Analyst will be a member of a 4-person team, reporting to the Director of Cyber Security Operations, and will work closely with the Chief Information Security Officer (CISO). The ideal candidate is a self-starter with a passion for cyber threat hunting, can collaborate well with a small team, and demonstrates strong written and verbal communication skills.

Duties and Responsibilities:

Security Operations Response and Reporting:

  • Review and respond to Security Operations Center alerts.
  • Manage Endpoint Detection and Response (EDR) and Identity alerts, responding to ServiceNow tickets.
  • Analyze daily and system-generated reports, along with threat feeds for issues or relevance.

Splunk SIEM Logs Review and Improvement:

  • Configure alerts to address gaps in proactive and responsive measures.
  • Maintain a query repository for regular tasks and improve dashboard visibility across sources.
  • Ensure data hygiene and compliance with the Splunk Common Information Model (CIM) data model.

Threat Detection & Incident Response:

  • Conduct threat hunting, tracking common tactics, techniques, and Indicators of Compromise (IOCs), and applying the necessary measures to detected threats.
  • Utilize custom Indicators of Attack (IOAs) and EDR SOAR workflows for automated response and remediation.
  • Monitor web proxy and firewall traffic to address abnormal activity.

Monitoring & Visibility Recommendations:

  • Develop metrics dashboards for security tools.
  • Enhance visibility across firewall and web proxy logs.
  • Recommend security improvements, including hardening and content blocking.
  • Audit the deployment of security controls and ensure compliance with policies and standards.
  • Document and maintain logs of policy violations.

Vulnerability Assessment Responsibilities:

  • Conduct vulnerability assessments of infrastructure and applications, documenting identified gaps and risks.
  • Communicate risks and vulnerabilities to customers.
  • Perform continuous monitoring to analyze the security posture of infrastructure and applications.
  • Manage and address events in the Security Information and Event Management (SIEM) system.

Additional Responsibilities:

  • Stay updated on security best practices, industry standards, and regulatory changes.
  • Develop security solutions based on business needs and regulatory requirements.
  • Assist with inquiries from customers, vendors, and colleagues in a courteous and professional manner.
  • Provide on-call support as necessary.
  • Offer deskside support when gathering evidence for investigations or advising on safe computing practices.
  • Contribute to the continuous improvement of the information security program.

Required:

  • 2+ years of training or experience in IT Operations and cyber security operations.
  • Strong work ethic, excellent time management, and team collaboration skills.
  • Effective verbal and written communication skills.
  • Authorization to work indefinitely in the U.S.

Qualifications:

  • Bachelor's degree or equivalent in Cyber/Information Security.
  • Industry certifications such as CISSP.
  • Previous experience on a Cyber Security Operations team in a large organization.

This is a fantastic opportunity to work with a dynamic team and contribute to the strengthening of cyber security operations.
