Global CERT Security Analyst in Parsippany, NJ at Securitas Security Services USA

Date Posted: 4/4/2020

Job Description

Job Code: 92640817402

Category: IT

JOB SUMMARY:

Securitas is establishing a Global CERT in order to organize Security Operations at a global scale. The Global CERT Security Analyst is responsible for operating the four functions of Cyber Defense in this growing team. You will work closely with other IT functions to ensure that your findings and actions are swiftly acted on across the organization. You will report to the Head of CERT and, via the Head of CERT, functionally to the Chief Digital Security Officer of the group. Your reporting will focus on the operational execution of your activities and any improvements that can be introduced. Within the team of the Chief Digital Security Officer you will have a security capability architect counterpart who will take your input and factor it into the strategic development and planning for the capability.

ESSENTIAL FUNCTIONS:

This globally operating function is focused on the following activities:

  • Vulnerability Management across tools, processes and organization;
  • Security Monitoring of the IT Environment both on-premise as well as in the cloud;
  • Security Incident Management to handle security incidents across the Securitas Group;
  • Cyber Threat Intelligence to acquire the knowledge about IOCs, TTPs and threat landscape evolutions that is needed to maintain a world class Cyber Defense practice;

Job Requirements

Relevant domain competencies and experience we seek:

Vulnerability Monitoring:

  • Familiarity with enterprise-class vulnerability management architectures and solutions, e.g. Tenable, Qualys, Nessus;
  • Ability to integrate vulnerability information into standard IT Asset Management;
  • Ability to perform hands-on vulnerability analysis via tools such as Burp Suite;
  • Ability to write scripts to detect vulnerabilities at scale should a detection definition not be available commercially.

Security Monitoring:

  • Some initial experience (e.g. 1 to 2 years) working in a security monitoring function (working with ArcSight, Splunk, QRadar, Elastic, etc.);
  • Excellent working knowledge of computer networks (TCP/IP) and operating systems (Windows, Unix);
  • Good knowledge of key log types commonly seen in corporate environments (Windows event logs, Sysmon, Syslog, proxy logs, DNS logs, etc.);
  • Able to analyze complex logs from different sources including endpoints, cloud applications, network devices and even raw network traffic;
  • Able to triage, correlate, and parse complex data streams and alerts;
  • Able to fine-tune existing rules / use cases to optimize automated detection capability;
  • Basic understanding of enterprise-class security monitoring architectures.

Cyber Threat Intelligence:

  • Fundamental understanding of how attackers operate (e.g. able to explain how a typical attack chain works);
  • Able to hunt environments to identify suspicious / malicious behavior that was missed by automated alerts / signature-based detection;
  • Experience with / knowledge of MITRE ATT&CK as a common framework to describe adversary techniques;
  • Experience with offensive security tools and techniques (e.g. Metasploit, Empire, Covenant, etc.).

Incident Response:

  • A robust understanding of security incident response stages and requirements;
  • Ability to operate under pressure and uncertainty;
  • Experience of, and ability to drive, global escalations within complex organizations with multiple suppliers;
  • Ability to create remediation toolsets or scripts using PowerShell as needed.

MINIMUM QUALIFICATIONS AT ENTRY

At least one relevant professional certification: GCDA (GIAC Certified Detection Analyst), GMON (GIAC Continuous Monitoring Certification), GCFE (GIAC Certified Forensic Examiner), GCFA (GIAC Certified Forensic Analyst), GCIA (GIAC Certified Intrusion Analyst), GCED (GIAC Certified Enterprise Defender), GPPA (GIAC Perimeter Protection Analyst), GCCC (GIAC Critical Controls Certification), GDAT (GIAC Defending Advanced Threats).

EDUCATION/EXPERIENCE:

BS in Computer Science or related field and 5-8 years of successful and progressively responsible Cyber Security Analysis experience, or an equivalent combination of education and experience sufficient to perform the essential functions of the job, as determined by the company.

COMPETENCIES (as demonstrated through experience, training, and/or testing):

  • Robust SecOps analytical capabilities
  • Engaging and Educational Communication skills
  • Strong Logic and Reasoning Skills
  • Comfort giving expert advice
  • Ability to work collaboratively