Job ID R1907234 Date posted Jul. 02, 2019
The VMware Information Security Operations team detects and responds to cyber threats targeting VMware systems, applications, infrastructure, information, and users. We are a highly technical team responsible for the triage, containment, and remediation of security threats. You are expected to have demonstrable experience in threat hunting and technical analysis, as well as team leadership and development experience.
As an Information Security Analyst at VMware, you are responsible for:
* Providing primary operational support for security events and alerts.
* Providing response support to users, advising users on alignment to security policies.
* Continuous and real-time searching for security threats and malicious activity.
* Daily tracking of events, alerts, and requests submitted from various sources including users, security tools, and third parties.
* Responding to tickets, email, and telephone requests from users across a global company.
* Designing and maintaining security playbooks and standard operating procedures.
* Providing various communications, shift handovers, and incident documentation across a continuously staffed team.
* Participating in evaluation, implementation, and troubleshooting of Security tools.
* Tracking, reporting, and controlling incident communications with other teams.
* Evidence collection, documentation, communications, and reporting.
* Providing feedback on effectiveness of threat intelligence platform and data feeds.
* Submitting threat indicators collected during analysis.
* Maintaining current knowledge and understanding of the threat landscape and emerging security threats.
* Maintaining a high level of confidentiality.
Required skills and experience:
* 3-5 years of experience working in security monitoring and incident response.
* Deep understanding of Security Operations Center (SOC) and Incident Response practices and methodologies.
* Solid grasp of cloud computing and security issues related to cloud environments.
* Experience performing security event investigations, triage, and response on cloud platforms (Amazon Web Services, Microsoft Azure, Google Cloud Platform).
* Experience using SIEM products.
* Experience with endpoint security analysis on Windows, Mac, and Linux event data and related tools.
* Experience with malware analysis or forensic analysis.
* Demonstrable technical knowledge of Internet security and networking protocols.
* Understanding of security technologies, including UEBA, SIEM, IDS/IPS, firewalls, endpoint security, content filtering, and packet inspection.
* Understanding of system hardening techniques and practices.
* Strong analytical skills and ability to identify advanced threats.
* Scripting skills such as Python, Perl, RegEx, Splunk Query Language.
* Ability to communicate effectively at all levels of an organization, across diverse cultural and linguistic barriers, and among a geographically distributed team.
* Ability to collaborate effectively as part of a team and work independently with minimal supervision.
* Ability to quickly adapt as the external environment and organization evolves.
* Ability to prioritize projects and deliverables.
* Confident facing new challenges and changes in direction.
* Self-motivated, team player, and detail oriented.
* Positive and constructive attitude.
* Excellent written and verbal communications.
* Availability outside working hours for high priority events.
* Bachelor's degree or equivalent experience.
* Security certifications such as GCIH, GCIH, CySA+, OSCP, CISSP, CCSK
Apply now Apply now