Security Monitoring Analyst

Security Monitoring Analyst

A Monitoring Analyst position is open in the Cyber Fusion Center (CFC) with a focus on monitoring indicators of attack and improving processes and procedures. The successful candidate for this role should have experience reviewing security events from multiple systems (Windows, Unix, routers, switches, and endpoints) and discerning between benign and potentially malicious events based on data classification, behavior, and context. This role emphasizes the review and triage of events and requires expertise in designing and implementing correlation searches to respond to changes in the environment and reduce false positives.

Monitor and detect security events from SIEM, Log collection Engines,
and other security technologies such as Splunk and McAfee DLP.
Perform investigations using security platforms to determine false positives or escalate (i.e., IDS/IPS, DLP, etc.).
Monitoring of health alerts and downstream dependencies.
Review and proactively address false positives, collaborating with other teams to improve alert accuracy.
Document, investigate, and notify appropriate contacts for security events and responses.
Collaborate with technical teams for security incident remediation and communication.
Conduct security research on threats and remediation methods.
Prepare system security reports by collecting, analyzing, and summarizing data and trends; present reporting for management review.
3-5 years of cybersecurity monitoring experience.
Experience with security tools such as SIEM, EDR/XDR, and McAfee.
Ability to independently analyze & triage security events and identify false positives.

Strong security monitoring experience (SOC).
Skills with Splunk searches and queries.
Bilingual in both English and Spanish (written & verbal).
Splunk (SIEM) experience.
Cloud security experience.
#NuvitService