This position will be fully remote and can be hired anywhere in the continental U.S.
The Sr. Threat Analyst will provide intrusion/incident monitoring and detection utilizing customer provided data sources, audit, and monitoring tools at both the government and enterprise level. The Threat Analyst will work closely with our Technology Analysts, Engineers, and Architects to service customers. Additionally, the Sr. Threat Analyst will be responsible for coaching and supporting less senior resources on the team. This role is critical to maintaining our quality program and perform quality reviews.
How you'll make an impact:
Analyze, document, and report on potential security incidents identified in customer environments
Perform quality reviews of other Analysts cases and provide feedback on improvement
Work with partners to maintain an understanding of security threats, vulnerabilities, and exploits that could impact systems, networks, and assets
Act as a coordinator for security events that require urgent response, containment, and remediation
Provide analysis on various security enforcement technologies including, but not limited to SIEM, anti-virus, content filtering/reporting, malware prevention, firewalls, intrusion detection systems, web application firewalls, messaging security platforms, and vulnerability scanners
Perform knowledge transfers, document, and train clients and less senior team members regarding mitigation of identified threats
Provide ongoing recommendations to other peers and customers on tuning and best practices
Actively research current threats and attack vectors being exploited in the wild
What we're looking for:
U.S. Citizenship required.
Three or more years of full-time professional experience in the Information Security field
Experience working in a Security Operations Center (SOC), Managed Security Service (MSS), or enterprise network environment
Excellent time management, reporting, and communication skills
Strong oral and written communication skills. Including email, case management, procedure and other documentation, and presenting to clients
Understanding of security architectures/devices such as firewalls, routers, switches, load balancers, remote access technologies, anti-malware, end point detection and response (EDR), SIEM, and cloud based security tools
IDS/IPS monitoring/analysis
Experience with SIEM platforms (e.g., Splunk, QRadar, Logrhythm, Exabeam)
Familiarity with web-based attacks, methodologies and frameworks such as Mitre ATT&CK, SANS Top 20, and OWASP Top 10
Attack vectors and exploitation
Ability to identify common false positives and make suggestions on tuning
Mitigation methods
Direct (e.g., SQL Injection) versus indirect (e.g., cross-site scripting) attacks
Understand the foundations of enterprise Windows security including:
Active Directory
Windows security architecture and terminology
Privilege escalation techniques
Common mitigation controls and system hardening
Anti-Virus (AV) and Host Based Intrusion Prevention (HIPS)
Experience in monitoring at least one commercial AV solution (e.g., McAfee, Symantec, Sophos, Trend Micro)
Malware
Understanding of root causes of malware and proactive mitigation
Propagation of malware in enterprise environments
Familiarity with web-based exploit kits and methods of exploitation
Familiarity with concepts associated with Advanced Persistent Threats and “targeted malware”
Experience with malware protection tools such as Tanium or Fireeye
Understanding of malware mitigation controls in an enterprise environment
Network Based Attacks / System Based Attacks
Denial of Service Attacks
HTTP Based DoS Attacks
Network Based DoS Attacks
Brute force attacks
Covert channels, egress, and data exfiltration techniques
Familiarity with vulnerability scoring systems such as CVSS
Basic understanding of vulnerability assessment tools such as vulnerability scanners and exploitation frameworks
Shift flexibility, including the ability to provide on call support when needed
Valid driver’s license
Ability to work greater than 40 hours per week as needed
Ability to travel up to ten percent of the time
Ability to act as a part-time on-call escalation point for security incidents
High School Diploma or equivalent experience
Experience working with Incident Ticketing Systems (e.g., ServiceNOW, Remedy, Heat) is a plus
General security knowledge (e.g., GCIA, CISSP, CCSE, CISA, HBSS, NSA, CEH, Cisco Security, Security +, OSCP or other security certifications) is a plus
More advanced knowledge (e.g., CCNA, CCDA, CCSA, CCIE, CISSP, CEH, MCSE) is a plus
#LI-KG1
What you can expect from Optiv
EEO Statement
Optiv is an equal opportunity employer (EEO). All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, status as an individual with a disability, veteran status, or any other basis protected by federal, state, or local law.
Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.
Sophos
USAA
Akbank
Sophos
NUNSYS
