Remote Threat Analyst (Writing Detections)

Remote: Full Remote
Contract: 
Experience: Senior (5-10 years)
Work from: Florida (USA), United States

Offer summary

Qualifications:

6+ years related work experience, Bachelor's degree in IT-related field, Strong knowledge of security architecture, Experience with SIEMs and threat monitoring, Leadership abilities with vendor management.

Key responsibilities:

  • Analyze and correlate threat data
  • Develop and maintain detection rules
  • Conduct research on cyber threats
  • Lead development of alerting and threat profiles
  • Prepare technical papers and presentations
Software Guidance & Assistance, Inc. (SGA, Inc.) Human Resources, Staffing & Recruiting SME https://www.sgainc.com/
201 - 500 Employees

Job description

Software Guidance & Assistance, Inc. (SGA) is searching for a Remote Threat Analyst for a CONTRACT assignment with one of our premier Health Insurance clients in Jacksonville, FL.

Top Skills Needed:

Writing/Creating Detections

Experience with multiple SIEMs (Splunk, QRadar, etc.)

Previous database threat monitoring preferred

Responsibilities:

  • The essential functions listed represent the major duties of this role, additional duties may be assigned.
  • Independently and proactively correlates and analyzes threat data from various sources and analyzes network events to design, develop, and maintain threat detection rules, alerts, and use cases that support the organization's detection strategy.
  • Continuously evaluates and improves the performance and efficacy of the SIEM by tuning existing rules and integrating new data sources.
  • Independently conducts industry research and technical evaluation of all-source and vendor-supplied intelligence, with specific emphasis on network operations and advanced, sophisticated cyber tactics, techniques, and procedures.
  • Subject matter expert in the detection and identification of cyberattack signatures, tactics, techniques, and procedures associated with advanced threats
  • Leads assessments and development of cyber threat profiles of current events based on collection, research and analysis of open-source information
  • Leads analysis and development of monitoring alerts and threats. Once alert is developed, proposes and leads cross-departmental efforts, if required, to implement appropriate notifications and identify controls that will help mitigate risk and vulnerabilities, as well as safeguard our systems and data
  • Independently and proactively prepares detailed technical papers, presentations, recommendations, and findings for Management and other Technology Leaders
  • Develops and maintains documentation for security monitoring procedures and security diagrams
  • Leads the development of proposed design, configuration, and implementation of security monitoring architecture
  • Serve as a subject matter expert for team members, specializing in security alert detection, host analysis, and log analysis
  • Creates and leads initiatives to improve detection engineering processes
  • Leads improvements discussions with third-party vendor regarding security detection functions

Required Skills:

  • 6+ years related work experience.
  • Related Bachelor's degree in an IT-related field, or additional related equivalent work experience
  • Demonstrated proficiencies in emerging technologies.
  • Strong technical knowledge of security architecture, tools and controls with specific demonstrated experience in proactive detection, mitigation, and resolution of advanced cyberattacks and/or threats
  • Strong technical knowledge of security infrastructure including security firewalls, data loss prevention, encryption, and end point protection appliances
  • In-depth knowledge of information threat analysis and detection concepts and principles and impact
  • Experience working and managing vendor performance and service level agreements
  • Proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertiveness.
  • Proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously.
  • Ability to communicate highly complex technical information clearly and articulately for all levels and audiences.
  • Ability to manage tasks independently and take ownership of responsibilities
  • Ability to learn from mistakes and apply constructive feedback to improve performance
  • Strong customer focus with ability to manage customer expectations and experience and build long-term relationships.
  • Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT-business personnel.
  • Ability to adapt to a rapidly changing environment and quickly identify new trends and industry changes specific to security and advanced cyberattacks
  • Strong critical thinking skills required to evaluate complex, multi-sourced security intelligence information, analyze and confirm root cause, and independently identify mitigation alternatives and solutions that safeguard our technical environment.

Preferred Skills:

  • 3-5 years of detection engineering/SIEM Management experience
  • CISSP (Certified Information Systems Security Professional), CySA+, CISM, or similar certification
  • Experience using Agile methodology
  • Knowledge of SciPy or Machine Learning Toolkit
  • Knowledge of threat intelligence lifecycle/processing of threat intelligence
  • Familiarity with various control frameworks including SOC 2, HITRUST, ARS, etc.
  • Knowledge of database activity monitoring for SQL/NoSQL databases

SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at https://sgainc.com/.

SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company EEO page to request an accommodation or assistance regarding our policy.

Required profile

Experience

Level of experience: Senior (5-10 years)
Industry: Human Resources, Staffing & Recruiting
Spoken language(s): English

Other Skills

  • Critical Thinking
  • Writing
  • Leadership
  • Technical Acumen
  • Social Skills
  • Communication
  • Adaptability