Cylance is looking for a talented Senior Cyber Triage Analyst to join our team and support our client in Plano, TX. This position conducts threat identification, analysis, and remediation by utilizing cyber defense tools and security best practices. This position requires working closely with other security teams and stakeholders to remediate threats and protect the environment.
WHAT YOU WILL DO
* Monitor the network, systems, and applications for any suspicious behaviors, activities, and anomalies.
* Investigate escalated security events according to existing policies.
* Perform traffic analysis, threat hunting activities and malware analysis.
* Create new correlation rules and fine-tune existing rules to improve detection efforts and reduce false positives.
* Mentor and train Junior analysts.
* Collaborate with other team members to establish new processes and procedures.
* Assist with side projects and other tasks as needed.
WHO WE ARE LOOKING FOR
* BA/BS in Engineering, Computer Science, Information Security, or Information Systems or related work experience preferred.
* 3+ years of experience investigating and responding to intrusions in an enterprise or security operations environment.
* Proven experience in log analysis, incident handling, threat hunting, and malware analysis.
* Solid understanding of TCP/IP communications and knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
* Advanced experience with SIEM and log aggregation technologies.
* Demonstrated close attention to detail, excellent critical thinking, logic, and solution orientation, and the ability to learn and adapt quickly.
* Ability to work in a 24/7 monitoring environment with dynamic hours and rotating shifts.
* Security certifications such as GCIA, GCIH, or CISSP are preferred but not required.
* Must be onsite in Plano, TX, Monday through Friday; relocation assistance available.
ABOVE AND BEYOND
* Experience with Splunk and other SIEM platforms, enterprise intrusion prevention systems, endpoint detection tools, and other security products.
* Experience supporting incident investigations in a large and complex environment.
* Experience working in a 24/7 SOC environment.
WHAT WE NEED FROM YOU TO APPLY
* Current resume
* Github link or previous project portfolio (optional)