- Eyes on glass monitoring and resolution of security incidents within established customer Service Level Agreements.
- Performing daily operational 'eyes on glass' real-time monitoring and analysis of security events from multiple sources including but not limited to events from Security Information Monitoring tools, network and host based intrusion detection systems, firewall logs, system logs (Unix & Windows), mainframes, midrange, applications and databases.
- Additional responsibilities will include performing documentation review and improvement, attending meetings as needed, and serving as front-line response for troubleshooting low-level engineering issues as needed.
- Collaborate with Line of Business technical teams for issue resolution and mitigation.
- Communicate and escalate issues and incidents as required by process or management.
- Specialize in network and log centric analysis.
- Use of IDS, IPS, and/or other signature matching technology
- Perform other essential duties as assigned
- 3 to 5 years of Information Technology experience with network technologies, specifically TCP/IP, and related network tools.
- 10 plus years in the Information Technology space
- A sound understanding of TCP/IP and networking concepts
- Solid and demonstrable comprehension of Information Security including malware, emerging threats, attacks, and vulnerability management
- Understanding of source code, hex, binary, regular expression, etc.
- Experience with reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs)
- Strong deductive reasoning, critical thinking, problem solving, and prioritization skills
- Experience assisting the development and maintenance of tools, procedures, and documentation
- Customer service including the resolution of customer escalations, incident handling, and response
- Experience in a fast-paced, high-stress support environment
- Subject matter expert (SME) in one or multiple areas such as Windows, Unix, Midrange, Mainframe, Firewalls, Intrusion Detection, Threat Detection Analysis, or Information Risk Management
- Ability to follow detailed process and procedure documentation
- Ability to present complex solutions and methods to general community
- Demonstrated ability to be reliable and flexible
- Excellent written and verbal communication and organizational skills
- Outstanding work ethic
- Strong team player that collaborates well with others to solve problems and actively incorporate input from various sources
- Network, Security, or Platform certification(s) (S+, N+, MCSP, CNA)
- CISSP or SANS GIAC GCIA certification desired