Information Security Analyst, Event Analyst - CSIRT
JOIN US AS AN INFORMATION SECURITY ANALYST, EVENT ANALYST - CSIRT, CYBER SECURITY

Similar Industry Titles and Key Words: cyber security, intrusion, event analyst, fusion center, incidents

SUMMARY

The Event Analyst position is responsible for detecting and assessing cyber security events and incidents across the Target environment. The Event Analyst works among a team of skilled analysts to address complex or difficult problems as needed within a 24x7 Cyber Fusion Center (CFC) environment. The Event Analyst is also responsible for implementing new processes and procedures as identified by the CSIRT and the CFC Leadership to ensure continuous improvement of monitoring, detection and mitigation capabilities.

KEY RESPONSIBILITIES
- Monitors SIEM and logging environments for security events and alerts to potential (or active) threats, intrusions, and/or compromises
- Responsible for understanding the global threat landscape through working with Target Cyber Threat Intel team to maintain awareness
- Assists with triage of service requests from customers and internal teams
- Escalates cyber security events according to Target's Cyber Security Incident Response Plan
- Assists with containment of threats and remediation of environment during or after an incident
- Acts as a participant during Cyber Hunt activities at the direction of one or more Target Incident Handlers
- Documents event analysis and writes comprehensive reports of incident investigations
- BS in Computer Science, Computer Engineering, Math, Information Security or a related field
- 2 or more years of experience in a Security Operations Center or Cyber Security Incident Response Team in lieu of the education requirement
- Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and adaptive learning
- Excellent written and oral communication skills
- Thorough understanding of fundamental security and network concepts (Operating systems, intrusion/detection, TCP/IP, ports, etc.)
- Willing to work in a team-oriented 24/7 SOC environment; flexibility to work on a rotating schedule (including occasional shift work)
- Security certifications (e.g. Security+, GCIA, GCIH, CISSP, CEH, etc.)
- Experience with ArcSight/Splunk/FireEye or other security products desired
- Experience managing cases with enterprise SIEM or Incident Management systems
- Experience supporting network investigations
- Experience with network monitoring in a SOC environment desired