The Threat Detection Analyst supports cyber detection activities, including cyber threat detection via daily review of SIEM, NIDS, and Email security platforms. This role requires highly technical hands-on analysis and professional discretion to handle sensitive issues and investigations.
- Support program strategy and operation rhythms.
- Work in coordination with cyber security operations and other IT security functions to determine requirements and opportunities for threat detection and policy / prevention recommendations.
- Support internal incident response activities, assisting with the mitigation and remediation processes while documenting lessons learned.
- Utilize metrics to track the performance and efficiency of detection signatures/rules and associated technologies.
- Identify potential process improvement projects and serve as a change agent.
- Interface with fellow team members, colleagues on the security team, business partners, management, vendors, and external parties on best practices.
- Responsible for ensuring that Information Security (IS) tools and processes meet regulatory requirements.
- Establish and maintain business/IS relationships.
- Understand business objectives, priorities, drivers and technology focus areas.
- Ensure that expectations are met and maintain high customer satisfaction levels through established metrics measured against SLAs.
- Benchmark and implement industry best practices to mitigate potential threats to clients' digital infrastructure and operations.
- Contextualize findings to clients' specific business risks or vulnerabilities.
- Support the design and implementation of procedures and controls necessary to ensure and protect the safety and security of all information systems assets, including prevention of intentional or inadvertent access, modification, disclosure, or destruction.
- Provide expertise and counsel to management, other organizations, and special project personnel.
- Support the preparation of appropriate reports and communicate status and results.
- Collaborate with management in developing technical directions, setting objectives, and setting realistic and challenging goals.
- Qualification: Graduate in any discipline.
- A minimum of 8+ years of experience in Information Technology, Cyber Security, Information Assurance, or a related field.
- A minimum of 2 years in Security Operations Centre (SOC) operations/CIRT/incident response team.
- Experience with DLP tools and DLP investigations.
- Cyber threat detection experience leveraging industry standard toolsets / frameworks such as Snort, Bro, HIPS, Yara, or related tools for detecting anomalous / malicious cyber activity on hosts or across networks.
- One or more relevant security certifications (GCIH, GCIA, etc.).
- Results-driven, strategic, conceptual, and innovative thinker.
- Experience presenting to senior leadership.
- Prior cyber incident response experience and/or experience working in high tempo cyber operations environments.
- Highly analytical and detail-oriented, with strong problem-solving skills and a common-sense approach to resolving problems.
- Ability to clearly define complex issues despite incomplete or ambiguous information.
- Strong oral and written communication skills.
- Strong interpersonal and critical thinking skills.
- Excellent consulting skills and superior ability to develop and maintain effective client relationships.