Forcepoint is transforming cybersecurity by focusing on what matters most: understanding people's intent as they interact with critical data and intellectual property wherever it resides. Our uncompromising systems enable companies to empower employees with unobstructed access to confidential data while protecting intellectual property and simplifying compliance. Based in Austin, Texas, Forcepoint supports more than 20,000 organizations worldwide. For more about Forcepoint, visit www.Forcepoint.com and follow us on Twitter at @ForcepointSec.
A Security Analyst is a member of the Global Security Operations Center (SOC) team who analyzes and responds to real-time alerts from information security systems. This person will serve as one of a team of responders in the case of a security incident and will also work closely with our Global Operations teams to perform validation of security controls.
* Analyze and respond to security incidents as required.
* Identify security risks, threats and vulnerabilities of the company's network, systems, applications and new technology initiatives.
* Assist in maturing risk and vulnerability management programs, including reporting metrics.
* Review and analyze ACLs, IDS rules, and network device configuration and propose pragmatic best practice solutions.
* Design, evaluate, and promote new security standards by standardizing operating procedures and streamlining security related operations.
* Participate in rotational on-call duties in support of a 24x7 global production environment.
* Develop scripts or other techniques to automate repetitive tasks.
* Perform other duties and projects as assigned.
Education and Experience
* A BS/MS degree in a technical field such as Computer Science with an emphasis on security, or equivalent experience.
* At least one professional security certification (CISSP, CEH, GCIH, GCFA).
* Prior experience with IDS/IPS systems such as Security Onion/Snort/Bro, Sourcefire, Tipping Point, etc.
* Prior experience with Rapid7, Tenable or other enterprise vulnerability management systems.
* Prior experience with SIEM software such as Splunk, QRadar, USM, OSSIM, etc.
* Strong foundation in network security and common attack methodologies.
* Good understanding of common protocols such as HTTP, SMTP, SSL/TLS, SSH, DNS.
* Good understanding of security best practices for public cloud (Amazon AWS and Microsoft Azure) including Cloudtrail, Cloudwatch & Shield management.
* Working knowledge of Python, Bash, Perl and Go scripting languages.
* Thorough working knowledge of Linux (RHEL/CentOS) system hardening and security monitoring techniques.
* Experience with well-known information security related tools such as Burp, Wireshark, Kali, Netcat, TCPDump and NMAP.
* Working knowledge of monitoring tools such as Prometheus, Zabbix, Nagios, Logstash, Kibana, Grafana & Kentik.
* Working knowledge of PKI management and certificate lifecycle management.
* Working knowledge of Puppet, Chef or Ansible.
Preferred Skills and Background
* 3+ years of experience in IT Security, preferably in a medium to large SOC or NOC environment with a 24x7x365 operating model.
* Experience reviewing and analyzing large amounts of raw log data (firewall, network flows, IDS, system logs).
* Knowledge of the incident handling procedures and intrusion analysis models.
* Experience performing incident response in a structured and efficient manner.
* Ability to find creative solutions to difficult problems.
* Familiarity with JIRA/Confluence and working within an agile driven DevOps software development/deployment environment.
* Ability to self-motivate and define priorities to meet critical deadlines.