FULLTIME

SOC Analyst I | Remote, USA

Overland Park, US 2 months ago
Job Description

This position will be fully remote and can be hired anywhere in the continental U.S.

The Threat Analyst will provide intrusion/incident monitoring and detection utilizing customer-provided data sources, audit, and monitoring tools at both the government and enterprise level. The Threat Analyst will work closely with our Technology Analysts and Architects to service customers. In addition, the Threat Analyst will collaborate closely with our customers on providing oversight of platform services, providing basic operational support, health monitoring and incident management for in-scope platforms. Oversight of tier one services also includes access to the security operations hotline, mobilization, and triage. The Threat Analyst will also provide support and guidance to the level 1 support desk and focus on driving initiatives that help improve the performance of the team.

How you'll make an impact
• This role will provide both SOC support (50%) and Service Desk responsibilities (50%).
• High-level professional writing: documenting and reporting on potential security incidents identified in customer environments, including a timeline of events.
• Document, prioritize and route requests and incidents from the client in the case management system.
• Be the technical advocate for strategic success to the team, focusing on collaborating with the customer to identify risks and performance gaps and to build service improvement plans that improve people, processes, and tools.
• Translate customer business requirements into specific features and functionality.
• Escalate to and mobilize platform subject matter experts as required for major incidents, outages and complex troubleshooting for technologies managed by customers.
• Perform basic operational tasks within the platforms under management and implementation, including user and device provisioning/deprovisioning, user access, asset onboarding, configuration changes, password resets, email archival, multifactor authentication, and remote support of end-user assets.
• Collaborate with customer and program managers on developing areas for service improvement.
• Maintain responsibility for simultaneous projects (leading, project knowledge and client details).
• Perform operational responsibilities of the Service Desk within agreed SLAs (distribute reports, monitor activities, respond to events and alerts, etc.).
• Identify service improvement items to reduce team member issues, increase satisfaction, boost team dynamics, and use data to progress performance.
• Support software installation on end-user computing (EUC) devices.
• End-user peripheral support.
• Service catalog management.
• Task routing and transfers of tasks to other internal support.
• Collaborate with partners to maintain an understanding of security threats, vulnerabilities, and exploits that could impact systems, networks, and assets.
• Function as a coordinator for security events that require urgent response, containment, and remediation.
• Provide analysis on various security enforcement technologies including, but not limited to, SIEM, anti-virus, content filtering/reporting, malware prevention, firewalls, intrusion detection systems, web application firewalls, messaging security platforms, vulnerability scanners, etc.
• Perform knowledge transfers, document, and train clients regarding mitigation of identified threats.
• Provide ongoing recommendations to other peers and customers on tuning and best practices.
• Actively research current threats and attack vectors being exploited in the wild.
• Actively collaborate with other analysts and perform investigations on escalations.

What we are hiring for
• Four or more years of full-time professional experience in a Service Desk role.
• Three or more years of full-time professional experience in an Information Security field.
• Experience working in a Network Operations Center (NOC), Security Operations Center (SOC), Managed Security Service (MSS), or enterprise network environment as a point of escalation is a plus.
• One or more certifications (A+, Network+, Server+, ITIL or equivalent).
• Experience reviewing tickets to identify patterns, handling escalations, and working to find the root cause.
• Strong knowledge of Office 365.
• Knowledge and understanding of ITSM tools such as ServiceNow and workflow automation.
• Experience with analytics tools such as Power BI and Tableau.
• Excellent time management, reporting, and communication skills, including customer interactions and executive presentations.
• Data analysis using SIEM, database tools, and Excel.
• Experience troubleshooting security devices and SIEM.
• Ability to create and maintain content within SIEM environments and make recommendations to clients to improve their visibility.
• IDS monitoring/analysis with tools such as Sourcefire and Snort.
• Experience with SIEM platforms (QRadar, LogRhythm, McAfee/Nitro, ArcSight, Splunk) a plus.
• Understanding of direct (e.g., SQL injection) versus indirect (e.g., cross-site scripting) attacks.
• Experience with the following attacks: web-based attacks and the OWASP Top 10, network-based DoS, brute force, HTTP-based DoS, denial of service, network-based/system-based attacks.
• Familiarity with the SANS top twenty critical security controls.

What you can expect from Optiv
• A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups (http://www.optiv.com/company/about-us#dei-group) .
• Work/life balance
• Professional training resources
• Creative problem-solving and the ability to tackle unique, complex projects
• Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
• The ability and technology necessary to productively work remotely/from home (where applicable)

EEO Statement

Optiv is an equal opportunity employer (EEO). All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, status as an individual with a disability, veteran status, or any other basis protected by federal, state, or local law.

Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice (http://www.optiv.com/job-applicant-privacy-notice) . If you sign up to receive notifications of job postings, you may unsubscribe at any time.