:

The Cyber Security Analyst will work in SRP's Security Operations Center (SOC) which is responsible for detection, response, and remediation of cyber security events across the enterprise.

The Analyst will respond to day-to-day events, participate in incident response activities, support tools used by the SOC team, assist with metrics tracking and development, assist with evaluating current and new software and tools, and work to develop subject matter expertise in one or more SOC functions. Applicants should have good analytical, communication and problem-solving skills.

Salary Range:

$102,933 - $160,000 + DOE

Job Responsibilities

• 
  Identify, triage, and respond to cyber security events in SRP's corporate and operational environments
• Analyze data from multiple sources and tools to discover anomalous and adversarial behavior
• Maintain awareness of current threat landscape utilizing threat intelligence from government and industry partners, as well as information security community resources.
• Develop alerts, reports, and dashboards within the SIEM to facilitate detection and triage.
• Create playbooks and procedures to support detection and response scenarios
• Advise and support implementation of security controls and new defensive capabilities
• Analyze malware and suspicious files using static/dynamic techniques including sandboxing
• Develop understanding of IT/OT environments and network topologies
• Perform forensic analysis on Windows/Linux/Mac hosts during incident response
• Participate in department on-call rotation to respond to after hours events

Education

Experience

10 years professional experience in discipline related to information systems and/or cyber security plus professional recognition.

Experience cont'd

Industry security certifications are beneficial but not required. Examples of relevant certifications include CISSP, SANS/GIAC (GSEC, GMON, GCIA, GCFA, etc), Security+, CCNA/CCNP Security.

Ideal candidates should have 5 to 10 years of Information Technology and/or InfoSec experience.

The applicant should have a moderate to strong understanding of two or more of the areas listed below and have at least basic knowledge across most areas.

• SIEM technologies (Splunk experience a plus)
• Windows and Linux architectures, administration, and hardening
• Thorough understanding of the TCP/IP network stack, including common protocols and network topologies
• Network traffic analysis and packet capture tools (Wireshark, Bro/Zeek, etc)
• IDS/IPS technologies
• Enterprise antimalware/Endpoint Detection & Response (EDR) platforms
• Microsoft Azure/M365 architectures and security features
• Incident response and forensic analysis tools and procedures
• Vulnerability management and mitigation concepts
• Programming or scripting experience (PowerShell, Python, etc)

Additional Information

Computer Information Systems, Computer Science, Cyber Security or degree in a similar technical discipline is preferred.

Industry security certifications preferred, including CISSP, SANS/GIAC (GSEC, GMON, GCIA, GCFA, etc), Security+, CCNA/CCNP Security.

• 
  Work schedule is flexible but typically 8x5 during daytime business hours.
• Role requires participation in department on-call rotation which involves responding to emergency callout during non-business hours, as needed.
• Occasional contacts with vendors of software, equipment, and services.
• Occasional travel to industry organizational functions and SRP facilities.
• Work with confidential data such as payroll and employee information.
• Demonstrated capability to perform advanced and more difficult work as determined by the supervisor.
• Is fully competent in all aspects of functional area of assignment and as such would be recognized as a specialist in area of assignment and may have periodic or occasional lead responsibilities