Cybersecurity Analysis & Response Analyst - Plano, TX, US - DXC Technology
Candidates will have a minimum of one year of experience in an Information Security (IS) role or relevant qualifications, and 4 years of experience in an IT role. Applicants should have some familiarity with IS tools and practices, for example IPS, malware behavioural analysis and/or tools, vulnerability assessment tools, system security hardening or configuration, and so on.
Preference will be given to candidates with more IS experience, and to candidates with cross-discipline experience in additional areas of IT, such as Network Administration or Server Administration.
The position of SIRCC Analyst is a shift role based in the US and can work remotely. The position will report to the SIRCC Manager, and is located in a 24x7 operations environment with other team members and other shift workers.
The successful applicant will have strong written and verbal communications skills, will need to be self-motivated with a good understanding of networking and operating systems, and will be able to manage their time effectively.
This role suits a keen problem solver with flexible thinking that can adapt to changing circumstances on the fly, can differentiate noise from an actual incident, perform in-depth investigations to discover the root causes of an incident, and document everything discovered.
It is essential that the candidate have the ability to communicate effectively in English, and in particular have strong written English skills, since team members will be required to provide regular reports for executive management, as well as to maintain communications with business units, regions, and internally with other security teams.
The selected person will also work well without close supervision when required, and have a good approach to problem resolution.
Applicants for this role must have the following skills:
- Strong English writing skills, in particular the ability to communicate clearly with correct spelling, grammar, and sentence structure.
- The ability to learn or develop new processes quickly in response to changes in business requirements and the Information Security landscape.
- In-depth understanding of TCP, IP, and other lower-level network protocols, as well as common higher-level protocols such as HTTP, HTTPS, SMTP, POP3, FTP, and so on, and the ability to analyse captures of network traffic.
- Familiarity with network security devices, including firewalls, Intrusion Prevention Systems, Intrusion Detection Systems, and so on.
- Understanding of modern network operating systems, how they communicate, and in particular familiarity with the Microsoft Windows line of Operating Systems.
- Strong understanding of the anti-malware products available on the market, how anti-malware software works, and how it is used in an Enterprise environment.
- Basic knowledge of common types of Information Security threats, such as buffer overflows, cross-site scripting, SQL injection, phishing, and other techniques used to compromise security.
- The ability to perform analysis of log files from multiple different devices and environments, and identify indicators of security threats.
- Familiarity with Information Security practices and procedures, including investigative processes, and requirements for security audits such as SOX, SAS 70, or ISO 27001.
- The ability to think flexibly and “outside the box” and to communicate clearly while under pressure.
- The ability to perform independent research and analysis of security threats and issues using various available resources, and to document and report on the results.
- Basic programming or scripting skills.
- Bachelor's degree in Information Security or a related discipline, or any of the following or similar related certifications: CCNA, CEH, OSCP, OPST, eCPTT, GCIH, or GSEC.
- Familiarity with the Microsoft Office suite of applications.
Skills that are highly desirable but not a prerequisite for this role are:
- Understanding of, and experience using, Unix-style operating systems, such as Solaris, Linux, or BSD.
- Experience with multiple types of enterprise-level anti-malware packages currently available.
- Experience with Operating System security, administration, and logging in an enterprise environment.
- Experience with basic scripting languages such as bash, Python, or PowerShell.
- Previous experience writing technical documentation and/or process documentation.
- Experience dealing with cybercrime and working in an environment that requires an investigative response when dealing with computer-based electronic evidence.
- Bachelor's Honours project in Information Security.
SIRCC Analysts will be responsible for the following:
- Analysing and performing risk assessments of the potential impact of security events/incidents on the business.
- Coordinating the response to security incidents by the technical groups within the business, including communication with subject matter experts and between business units, directing technical resources, follow-up on tasks assigned by management to business units, and working with technical resources to complete actions if required.
- Ensuring that significant security incidents are reported clearly and concisely and are managed in a reasonable time frame.
- Initial monitoring and analysis of the output from security devices such as IPS, malware alerts, firewall logs, proxy logs, system logs, and so on.
- Performing behavioural analysis of malware samples in a controlled environment, documenting the results, and providing the samples and documentation to a reverse engineering team.
- Compiling, reviewing, and submitting incident reports for final peer and management review, prior to release to the business.
- Researching new vulnerabilities and security threats reported by external security entities, and performing and documenting risk assessments of the potential impact of those vulnerabilities and threats on the business. Communicating this information to management and other business units as appropriate.
- Contributing to existing process and procedure documentation, and assisting in creating new process and procedure documentation in response to dynamically changing threats, information security landscapes, and business requirements.
This role will be part of a team supporting all regions of a global corporation 24/7, and the work consists of investigation and co-ordination functions for such a large enterprise environment. The work will include being part of a leveraged global security team, and will give the successful candidate hands-on experience in a fast-growing area. Whenever possible, both internal and external training opportunities are available for team members in multiple security-related disciplines, including digital forensic analysis, malware analysis, and risk management. Candidates can expect to gain extensive experience with security incident response techniques and other information security related practices. Candidates will also have plenty of opportunities to develop and advance into specialty areas of security, or to advance within the team and the organisation.