The Cybersecurity Analyst will help mature the company's cybersecurity posture through operational practices, governance, risk, and compliance. They will be the primary contact for the third-party Security Operations Center and will lead security events, incident response, and remediation from a technical position. They will also provide lessons learned and recommendations to update security policies and controls.
· Cybersecurity Investigations: Work with the third-party SOC as the primary escalation point to lead the Containment, Eradication, and Remediation steps during cybersecurity events and incidents. Triage and investigate phishing emails, and act as the escalation point for phishing escalations. Mentor the IT staff on how to perform investigations.
· Azure and Exchange Online Reviews and Investigations: On-prem AD and Azure AD: review, investigate, and make recommendations on Identity Access Management and Privileged Access Management alerts. Exchange Online: review and investigate, with a focus on phishing and quarantined emails. Hunt for accounts with forwarding rules.
· Recommend improvements to Cybersecurity Controls: Use lessons learned from security events, incidents, phishing, and vulnerability management to recommend new controls. Research threat groups to keep the Cybersecurity Governance, Risk, and Compliance team updated on current and potential threat actions. Perform attack surface management scanning and reporting.
· Governance, Risk, Compliance: Work with the Cybersecurity Manager to write, edit, and review policies and procedures for the company. Write or review Requests for Proposals to vendors for services. Assist with user awareness training.
· Additional responsibilities as required.
· Associate degree or equivalent. Preferred: Graduate of a college or university program in Cybersecurity, Digital Forensics, Information Assurance, or a related field of study. Antisyphon classes such as SOC Core Skills and Getting Started in Security.
· 2 or more years in Security Operations working Incident Response. Preferred: Hands-on experience with the NIST or SANS incident response cycles. Familiar with the Pyramid of Pain. Familiar with the Cybersecurity Kill Chain. Familiar with the Diamond Model of Intrusion Analysis. Familiar with MITRE ATT&CK, CAR, and D3FEND. Familiar with the NIST Cybersecurity Framework. User awareness training.
· Windows system administration. Linux system administration. Email administration. Writing and editing. Knowledge of cybersecurity incident response processes. Valid passport for travel to Canada and Mexico. Preferred: Python or PowerShell scripting. Understanding of the incident response cycle. Technical skills gained in a Security Operations Center or Incident Response role.
Job Type: Full-time
Pay: From $61,000.00 per year
Work Location: In person
Salary: $61,000