Citi Security Information and Event Management (SIEM) Analyst in Irving, Texas
Primary Location: United States, Texas, Irving
Education: Bachelor's Degree
Job Function: Technology
Shift: Day Job
Employee Status: Regular
Travel Time: No
Job ID: 17005397
This specialist role will be responsible for the validation of all Security Information and Event Management (SIEM) activities, promotion of content to production, and ongoing routine maintenance of the security tools and infrastructure. The position is primarily responsible for integrating and managing secure, reliable, stable and dependable solutions that bring newer, complex security systems into the existing security infrastructure while ensuring their confidentiality, integrity and availability. The successful candidate will have a proven track record in information security derived from an all-round Information Technology background and SOC/SIEM experience, and will possess a combination of the following skills and competencies:
· Progressive senior IT experience, ideally holding positions in both IT Infrastructure & Operations and Network Security.
· Working knowledge of Linux, networking, ArcSight, troubleshooting and security strategies.
· Solid understanding of additional security technologies and disciplines such as Palo Alto and Juniper firewalls, intrusion prevention, encryption, threat analysis and vulnerability assessment.
· Comfortable managing complex, enterprise-scale logging, including ensuring that reporting and alerting are appropriate.
· Exposure to project management techniques.
· Strong analytical, documentation and communication skills, both oral and written.
· Good teamworking skills and the ability to work in a distributed global team environment.
· Strong analytical and problem-solving skills.
· Self-motivated and proactive, with the determination to achieve goals.
· Flexible and able to deliver quality results in the required timeframe.
· Familiar and experienced with the software development lifecycle process.
· Influencing skills to drive development standards.
Linux, networking, ArcSight, troubleshooting, security and/or operations experience
Security Operations Center (SOC) Analyst
The Security Operations Center Information Security Analyst will be part of the SOC Team. This center monitors, analyses and responds to infrastructure threats and vulnerabilities on a 24x7 basis.
The analyst performs monitoring, research, assessment and analysis on intrusion detection and prevention tools, anomaly detection systems, firewalls, antivirus systems and proxy devices (ArcSight, Arbor PeakFlow, SourceFire, Palo Alto Networks, etc.); this requires demonstrable security incident response experience.
• Follow pre-defined actions to handle BAU and high-severity issues, including escalating to other support groups. Execute daily ad-hoc tasks or lead small projects as needed.
• Create and maintain operational reports for Key Performance Indicators and weekly and monthly metrics.
• Perform initial risk assessment on new threats and vulnerabilities; perform the assessment phase of the Vulnerability & Threat Management process.
• Perform assessment and troubleshooting, and help isolate issues with IDS/IPS sensors, antivirus servers and vulnerability scanners.
• Participate in daily and ad-hoc conference calls, as well as compliance & controls, self-assessment processes and documentation-related tasks.
4+ years working in the security and operations fields.
Bachelor's degree in Computer Science or a related field, or higher, preferred.
Excellent knowledge of intrusion detection (deep TCP/IP and cyber security knowledge), various operating systems (Windows/UNIX) and web technologies (with a focus on Internet security).
Ability to read and understand packet-level data. Experience with intrusion detection and prevention and network security products (IDS/IPS, firewalls, etc.) and host security products (HIPS, AV, scanners, etc.).
Knowledge of cutting-edge threats and technologies affecting web application vulnerabilities, and of recent Internet threats.
Exposure to vulnerability assessment, penetration testing or forensic analysis is an advantage.
Certifications from EC-Council, GIAC and (ISC)² are preferred [CISSP, C|EH, GCIA, CCNA].