Information Security Analyst (Remote)

• Engineer, implement, and administer the SIEM platform, open-source or commercial.
• Analyze, design, build, tune, and support SIEM use cases across various business functions and security operational needs.
• Create, modify, and tune the SIEM rules to adjust the specifications of alerts and incidents.
• Develop log ingestion, aggregation, and retention strategies to meet policy, related standards, and operational requirements.
• Assist with onboarding new data sources into our SIEM, analyze the data for anomalies and trends, and build dashboards highlighting the key trends of the data.
• Analyze and investigate security events from various sources.
• Triage and validate security alerts and escalate incidents, as required. Ensure that incidents are correctly reported and documented in accordance with operational policies and procedures.
• Manage security events as part of security operations, responding to urgent alerts, which may include off-hours investigation activities.
• Troubleshoot system misconfigurations and recommend best practices for remediation.
• Provide high quality written and verbal status reports, briefings, recommendations, and findings as required.
• Maintain and support the operational integrity of SIEM/SOC toolsets.
• Helping to develop the SOC (Security Operation Center) roadmap by delivering SOC capabilities to the business and championing new ideas and initiatives to help improve new and existing capabilities.
• Ensure all relevant technical standards and policy documentation is reviewed and maintained throughout SOC technical capabilities.
• Maintain situational awareness of emerging cyber trends by reviewing open-source reports for recent vulnerabilities and other threats that have the potential to impact the services and incorporate this understanding into day-to-day security monitoring.
• Excellent knowledge of Endpoint protection.
• Good understanding of vulnerability assessment and management.
• Update SIEM/SOC documentation, processes and procedures and ensure currency, as required.
• Provide ideas and feedback to improve the overall SOC capabilities and maturity.
• Perform all other Information Security related duties as assigned and contribute to the success of the Information Security Team.

• Bachelor's degree in Information Security, computer science, business, or a related field, or equivalent in experience and expertise.
• Excellent Google Cloud Platform knowledge.
• At least 3 years' hands-on experience in SIEM tools implementing, operating and incident management in mission critical environments.
• Industry Certifications such as CISSP, CCSP, CCAK, CCSK, CISM, GCIH, GCIA, GSEC (Cloud security certification preferred).

Nice to haves:

• Proven experience with CASB and Cloud based logging and SIEM solutions.
• Understand threat analysis models like MITRE ATT&CK Framework.
• Knowledge and expertise in a myriad of Information Security Solutions across cloud and IT security.
• Experience with a variety of operating systems, Cloud Data Platforms (GCP, AWS, Azure) and Cloud Computing (SaaS, PaaS, IaaS).
• Monitoring non-traditional IT services such as SaaS and cloud services.
• Experience leveraging a development language to automate workflows, analysis, or integrations.
• Excellent analytical, interpersonal and communication skills both oral and written.
• Strong attention to detail.
• Self-directed / self-motivated.
• Result oriented with a hands-on mindset.
• Can-Do attitude.
• Ability to convey and explain complex technical information to non-technical staff.