Senior Information Security Analyst (L3), Alpharetta, GA
JOB SUMMARY
MGT Consulting Group is a national leader in public sector management consulting and services that delivers diverse business consulting services to a wide range of public sector groups. Celebrating its 45th year in 2019, the firm attracts exceptional talent and empowers them to exceed client expectations as they navigate the dynamic demands of public agency performance. As part of our Technology Solutions Group (Cira Infotech), you will assist in leading a team responsible for responding to incidents, triaging information security events and incidents, and performing forensics. In this role, you will collaborate alongside a team of skilled analysts to address complex problems within a 24x7 Security Operations Center (SOC). If you are looking for a job that challenges you and gives you the opportunity to make an impact, where ideas are encouraged and an entrepreneurial spirit is essential, then MGT Consulting may be the place for you.
MAJOR DUTIES
Serve as part of the Managed Detection and Response (MDR) team to effectively prepare for, detect, and respond to incidents.
Perform real-time cyber defense incident handling tasks (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) to support deployable Incident Response Teams (IRTs).
Perform analysis of log files from a variety of sources (e.g., network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
Perform cyber defense incident triage, including determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.
Detect and respond to alerts from endpoint detection and response (EDR) tools.
Establish a vulnerability management program using systematic scanning, risk evaluation, and coordination to remediate or mitigate identified vulnerabilities.
Provide escalation support and document resolutions for improvement.
Work with the Account Management team as a Security SME to advise clients on applicable security solution technology, practices, managed services, and available solution programs.
Provide weekly and monthly reports on Security Incident Response team activities.
Coordinate and provide expert technical support to resolve cyber defense incidents. Coordinate with intelligence analysts to correlate threat assessment data.
Monitor external data sources (e.g., cyber defense vendor sites, US-CERT, OpDivs, Computer Emergency Response Teams, Security Focus) to maintain currency of the cyber defense threat condition and determine which security issues may have an impact on the enterprise.
Investigate anomalies observed within the network and remediate network and systems outages.
Experience working with NDR tools as well as SIEM tools such as LogRhythm, Rapid7, Splunk, etc.
Familiarity with industry standards such as PCI DSS, HIPAA, CIS Critical Controls, NIST, and OWASP.
Experience in creating, documenting, and maintaining policies, procedures, and workflows is strongly preferred.
Lead the SIEM Practice team and ensure the team meets its delivery commitments.
The role involves 75% technical and 25% lead activities.
MINIMUM QUALIFICATIONS
Bachelor’s Degree in Cybersecurity, Technology, Business, or a related field.
Eight (8) or more years’ experience working in the cybersecurity space.
Experience performing forensics using toolkits such as FTK, Autopsy, etc.
Experience running the Incident Response Team (IRT) and its procedures within the SOC division.
Proven successful experience in a dynamic, high-growth environment or start-up company.
Experience as part of L3 support, providing technical solutions.
Proven lead experience managing the delivery of projects.
Experience as a Security SME advising clients on applicable security solution technology, practices, managed services, and available solution programs.
Experience with MDR tools and SIEM tools.
Expertise in incident triage and incident handling.
Experience in real-time cyber defense incident handling, including forensic collections.
Demonstrated experience in Networking and Network Security products, including Managed Detection and Response, Next Gen Firewalls, IDS/IPS, SIEM Solutions, SOAR, Cloud Security, Endpoint Security, and Vulnerability and Penetration Testing Services.
Demonstrated ability to discuss the financial and business implications of solutions.
Understanding of cloud-based solutions such as AWS, Azure, and/or Google Cloud.
Familiarity with governance and compliance issues and management/reporting solutions and requirements. Working knowledge of HIPAA, PCI, FERPA, CIPA, GDPR, etc.
A CISSP or CNFE certification is required; holding both is ideal.