Brooksource is searching for an Associate Information Security Analyst for one of our leading healthcare partners located in Indian Land, SC for a 6-month contract-to-hire. This is the ideal opportunity for a candidate with 1-3 years of experience to quickly make a tangible impact with their Cybersecurity Incident Response Center.
Under the direction of the Cybersecurity Incident Response Center Manager, the Information Security Analyst is responsible for security event monitoring and incident detection tasks within the organization. Serving in a key security event monitoring and incident detection role, the Information Security Analyst will use information collected from a variety of sources to identify, analyze, and report cybersecurity events that occur or might occur within the enterprise network in order to protect information, information systems, and networks from threats.
Daily you will:
· Develop, implement, and carry out the appropriate activities to detect and identify the occurrence of cybersecurity events; investigate security notifications; analyze detected events to understand attack targets and methods; determine the impact of an event; and conduct continuous security monitoring of the network and personnel activity.
· Monitor for unauthorized personnel, connections, devices, and software. Monitor for malicious code.
· Communicate detected cybersecurity events to the appropriate parties, escalate events as a security incident where appropriate, and categorize security incidents.
· Test detection processes and continue to improve the process.
· Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
· Monitor external data sources (e.g., Enterprise Network Defense (END) vendor sites, Computer Emergency Response Teams, SANS, Security Focus) to maintain currency of END threat condition and determine which security issues may have an impact on the enterprise.
· Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
· Determine tactics, techniques, and procedures (TTPs) for intrusion sets.
· Knowledge of information assurance (IA) principles and organizational requirements to protect confidentiality, integrity, availability, authenticity, and non-repudiation of information and data.
· Knowledge of intrusion detection methodologies and techniques for detecting host- and network-based intrusions via intrusion detection technologies.
· Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
· Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
· Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
· Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
· Basic knowledge of how traffic flows across the network (TCP/IP), network protocols (TCP/IP, DHCP, DNS), and Virtual Private Network (VPN) security.
· Basic knowledge of cyber defense policies, procedures, and regulations.
· 1-3 years of well-rounded experience in IT (i.e., networking, server administration, help desk, and/or equivalent covered by degree in similar area).
· Ability to read and understand logs from disparate systems.
· Basic to intermediate understanding of networking principles.
· Understand common security principles (e.g., least privilege, hardening, etc.).
· Basic ability to understand query or programming logic (e.g., writing search queries or logic statements in our various tools).
· Noted interest in continuing education/training showing desire to learn.
Nice to haves:
· Previous scripting/programming experience for automation of tasks.
· Previous SIEM or related security technology experience (e.g., Splunk Enterprise Security).
· Intermediate to advanced understanding of networking principles (this may be a stretch depending on what we consider "advanced").
· (Direct report): Reporting directly to the Cyber Incident Response Center Manager.
· (Team size): 14, but growing quickly!
· (Hours): Regular 8-5 M-F with limited weekends or on-call.
· (Dress code): Business casual.
Qualities of a Top Candidate:
· (Top characteristic): Strong communicator who can come in at the associate level to learn and energize senior team members with new ideas and creative solutions. Ability to eagerly seize responsibility, ownership, and initiative for assigned tasks.
· (Can't miss quality): Ability to embody the poise, presence, and personal integrity expected of an industry professional.
· (Technical skills): CompTIA Security+ and Splunk experience.
· (Soft skills): Ability to present ideas in a professional manner.
Benefits of working with Brooksource:
· Constant communication and updates with your Brooksource Recruiter. Every 48 hours you will get a personal update on where you stand in the process.
· No games or tricks. We believe in a direct, honest, and transparent recruiting process.
· Intelligent conversations: our recruiters are technically trained and have a complete understanding of the technical aspects of the positions.
Brooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.