Job Id: MI-564787 (99590710)
Security Analyst (OSCP/CISSP) with SIEM, network protocol architecture, Bro, Suricata, Sourcefire, Snort, Wireshark, Perl, Python, PowerShell/Bash and SANS experience
Location: 7150 Harris Dr, Dimondale, MI 48821 (DTMB- MCS)
Duration: 6 Months
Positions: 2 (2/4)
Agency Interview Type: In Person only
Years of Experience:
8 or more years of experience in the field.
Skill | Required / Desired | Amount of Experience
In-depth knowledge of security monitoring and incident response | Required | 5 Years
Knowledge of conducting security investigations | Required | 5 Years
Experience using and customizing SIEM products | Desired | 5 Years
Solid understanding of network protocols and architecture | Required | 5 Years
Demonstrated experience performing digital forensics and incident response using industry-leading tools | Required | 5 Years
Experience with network intrusion detection and analysis tools such as Bro, Suricata, Sourcefire, Snort and Wireshark | Required | 5 Years
Experience solving problems with scripting languages such as Perl, Python, PowerShell or Bash | Required | 5 Years
Demonstrated experience operating information security tools | Required | 5 Years
Demonstrated experience integrating information security tools | Required | 5 Years
Understanding of the tactics, techniques and procedures of advanced attackers | Required | 5 Years
Ability to use multiple forms of communication to articulate complex concepts to technical and non-technical staff, including senior management | Required | 5 Years
SANS Training | Desired |
EnCase Certified Examiner (EnCE) | Desired |
Offensive Security Certified Professional (OSCP) | Desired |
• 5 years of experience in Security Operations and Incident Response (required).
• Serve as a member of the Michigan Security Operations Center (MiSOC), focusing on incident response.
• Identify the security issues and risks associated with security events and manage the incident response process.
• Participate in the incident response and investigation process for identified security events.
• Use the Security Information and Event Management (SIEM) platform (IBM QRadar) to identify security incidents and drive the response.
• Perform network and system forensics in response to security incidents.
• Optimize and customize security monitoring tools to improve detection.
• Hunt for signs of advanced persistent threat (APT) activity.
• Maintain and update the security operations workflow.