Threat Defense Analyst L2

1 week ago


Brentwood, Tennessee, United States Egis Systems, LLC Full time $60,000 - $120,000 per year

Job Summary

The Fortified Threat Defense Center provides 24x7x365 managed security services for healthcare customers. Members of the Threat Defense team are responsible for monitoring and alerting on key security technologies within each customer environment, identifying security events, performing analysis, creating new and tuning existing detection rules, and integrating with clients' incident response activities. In this role, the Threat Analyst 2 will monitor, detect, analyze, and report on security alerts discovered within Fortified Health Security's customer infrastructures. The Threat Analyst 2 will monitor various security technologies within these environments and report all investigated and validated findings to the proper customer in accordance with the approved communication plan.

Essential Job Functions

The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.

  • Partner with clients on service delivery execution of all lines of business (LOBs), including but not limited to:

o Managed SIEM, Phishing, EDR, IoMT, & DLP

  • Perform and document initial incident investigations.

  • Present alerts, metrics, and remediation tasks to customers via approved communication plans.

  • Work with associates to continually improve security services through product tuning and maturity.

  • Proactively and iteratively search through logs to detect advanced threats that are unknown to the current security solutions.

  • Exercise high-level multi-tasking skills by managing events in multiple systems, applications, and other priorities.

  • Respond to incidents and client inquiries in a timely and professional manner.

  • Generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.

  • Remain up to date on latest security threats and events.

  • Monitor the "health" of key technologies during their shift.

  • Intermediate/Advanced level understanding of the following subject matters:

o Incident Response, Analytical Intelligence, Playbook Management, Relationship Management, Technical Presentation, Detection & Suppression Rule Management, Scripting (Python, Bash, PowerShell), Compliance Frameworks (NIST, HIPAA, HITRUST, PCI)

  • Advanced level understanding of the following subject matters:

o Attack Frameworks, Troubleshooting & Root Cause Analysis, Advanced Documentation, Emotional Intelligence, Written and Verbal Communication, Security Platform Health Management, Security Platform Log Analysis, Linux OS & Events, Windows OS & Events, Healthcare Operational Knowledge, Endpoint Security Knowledge, Tools, & Best Practices, User Security Knowledge, Tools, & Best Practices, Network Security Knowledge, Tools, & Best Practices, Cloud Security Knowledge, Tools, & Best Practices, Data Security Knowledge, Tools, & Best Practices

  • Fluent with intrusion detection/prevention systems, firewalls, endpoint detection & response systems, anti-virus systems, DLP, vulnerability management, creating and managing phishing campaigns, and cloud infrastructure.

  • Solid understanding of network security concepts and defense in depth.

  • Knowledge of security information and event management (SIEM), log analysis, network traffic analysis, malware investigation/remediation, SIEM correlation logic and alert generation.

  • Demonstrated ability to analyze, triage and remediate security incidents.

  • Advanced knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.).

  • Solid understanding of OSI model, network protocols and information security concepts.

Knowledge & Skills

Education & Experience

  • 2+ years of direct InfoSec experience and/or an Associate's degree in CS / MIS preferred.

  • 2+ years of hands-on experience with security tools such as scanners, monitoring and detection, malware protection, security analysis tools and compliance tools (both network and host-based solutions).

  • 2+ years' technical experience in the security aspects of multiple computer platforms, operating systems, products, network protocols and system architecture or equivalent training and knowledge through education.

Special Skills & Knowledge

  • Ability to understand SIEM correlation rules and corresponding alerts.

  • Understanding of the configuration and development of processes, procedures and practices for enterprise security systems.

  • Prior experience and demonstrated ability configuring SIEM applications / devices (e.g., QRadar, Splunk, LogRhythm, McAfee, AlienVault).

  • Capable of communication with clients via conference calls and/or emails to review and discuss alert data and security report findings.

  • Familiarity with MS Office.

  • Strong understanding of TCP/IP, including IPv4 subnetting.

  • Intermediate understanding of firewalls, IDS/IPS, antivirus, syslog, VPN, RDP, SSH and Telnet.

  • Proficient ability to run and troubleshoot PowerShell / BASH / Python scripts.

  • Security certifications such as CompTIA Security+, SANS, or Cisco are a PLUS.

  • Ability to document and communicate in a clear, concise, and effective manner.

  • Intermediate/Advanced understanding of compliance frameworks (e.g., NIST, HIPAA, HITRUST, PCI).

Licenses, Certifications, etc.

  • N/A

Requirements

Supervisory Responsibility

  • N/A

Working Conditions & Travel Requirements

  • Travel as needed.

Fortified Health Security is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, Fortified Health Security will provide reasonable accommodations to qualified individuals with disabilities. If a reasonable accommodation is needed to perform this position, you need to inform Fortified Health Security People and Culture Team of such request. Signatures below indicate the receipt and review of this job description by the associate assigned to the position and the People and Culture Team.
