Career Opportunities: INFORMATION SECURITY ANALYST II - Remote (126065)

Job Overview

Tier 2 Analysts play a crucial role in enhancing the organization's cybersecurity capabilities by responding to and containing more sophisticated threats. 
This role provides support to other tiers and external teams, serves as the escalation point for Tier-1 analysts, ability to respond/investigate without a defined playbook or process. This role has Intermediate to Advanced understanding of TE’s security toolset.

• Tier 2 Analyst understands and can perform Tier 1 Analyst’s functions (all of the above) as needed – At minimum critical monitoring and associated analysis as needed.
• Advanced Cyber Incident Analysis: Conduct in-depth analysis of security incidents that have been escalated from Tier 1. This involves a deeper examination of the nature and scope of the incident, as well as identifying any advanced tactics, techniques, and procedures (TTPs) used by attackers.
• Incident Containment: Work on containing and mitigating security incidents. Implement strategies to limit the impact of an incident and prevent it from spreading further within the organization's network.
• In Depth Analysis: Perform advanced analysis on compromised systems to understand the root cause of incidents, identify the extent of the compromise, and gather evidence for investigations.
• Malware Analysis: Analyze and dissect malicious software to understand its functionality, behavior, and potential impact on systems. This involves using tools and techniques to reverse engineer malware.
• Security Tool Management: Manage and fine-tune security tools such as intrusion detection and prevention systems, endpoint protection, and security information and event management (SIEM) systems to enhance their effectiveness.
• Incident Reporting: Generate detailed incident reports documenting the findings, analysis, and remediation steps taken during incident response. Communicate findings to higher-level teams, management, and relevant stakeholders.
• Collaboration with Tier 1 Analysts: Collaborate with Tier 1 Analysts to provide guidance, training, and support. Share insights and lessons learned to enhance the skills of less experienced team members.
• Threat Hunting: Proactively search for signs of advanced threats within the organization's network. This involves using threat intelligence and other resources to identify potential security risks before they escalate.

Responsibilities

• Intermediate Malware Analysis 
• Threat hunting (SIEM, EDR, etc) 
• As needed - Monitor Security Alerts/Critical Monitoring (SIEM, SOAR, EDR, Inbox, SNOW) 
• Threat Intelligence Collections 
• Threat Intelligence Alert Monitoring 
• Threat Intelligence Sources Dissemination 
• Breach Monitoring and Reporting 
• Threat Informed Defense Alerting - Monitoring and Analysis, perform response coordination & closure to ensure issues have been appropriately addressed 
• Threat Response Coordinator - Provide notifications to stakeholders on key issues 
• Reportable Incident Validation  
• Potential Incident Analysis Investigations 
• SIEM SOAR Playbooks Design - Document / create playbooks and procedures for Tier-1 analysts when gap areas are identified, or new detections are created. Identify areas of improvement & automation 
• Programming, Queries & Scripting - Implement or work with escalation analysts/engineers to build detection & prevention mechanisms

What your background should look like:

• Experience:  3-5 years of similar technical experience
• Education: degree or certificate preferred

Competencies