Threat Defense Analyst
Listed on 2026-03-12
IT/Tech
Cybersecurity, Network Security
The Fortified Threat Defense team provides 24x7x365 managed security services for healthcare customers. Members of the Threat Defense team are responsible for monitoring and alerting on key security technologies within each customer environment, identifying security events, performing analysis, creating new and tuning existing detection rules, and integrating with client’s incident response activities. In this role, the Threat Defense Analyst I will monitor, detect, analyze, and report on security alerts discovered within Fortified Health Security’s customer infrastructures.
The Threat Analyst I will monitor various security technologies within these environments and report all investigated and validated findings to the proper customer in accordance with the approved communication plan.
The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.
- Partner with clients on service delivery execution of all LOBs including but not limited to:
- Managed SIEM, Phishing, EDR, IoMT, & DLP
- Perform and document initial incident investigations.
- Present alerts, metrics, and remediation tasks to customers via approved communication plans.
- Working with team members to continually improve security services through product tuning and maturity.
- Proactively and iteratively search through logs to detect advanced threats that are unknown to the current security solutions.
- Exercise multi-tasking skills by managing events in multiple systems, applications, and other priorities.
- Respond to incidents and client inquiries timely and professionally.
- Generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
- Remain up to date on the latest security threats and events.
- Monitor the “health” of key technologies during their shift.
- Novice/Beginner level understanding of the following subject matters:
- Incident Response, Analytical Intelligence, Playbook Management, Relationship Management, Technical Presentation, Detection & Suppression Rule Management, Scripting (Python, Bash, PowerShell), Compliance Frameworks (NIST, HIPAA, HITRUST, PCI)
- Intermediate level understanding of the following subject matters:
- Attack Frameworks, Troubleshooting & Root Cause Analysis, Advanced Documentation, Emotional Intelligence, Written and Verbal Communication, Security Platform Health Management, Security Platform Log Analysis, Linux OS & Events, Windows OS & Events, Healthcare Operational Knowledge, Endpoint Security Knowledge, Tools, & Best Practices, User Security Knowledge, Tools, & Best Practices, Network Security Knowledge, Tools, & Best Practices, Cloud Security Knowledge, Tools, & Best Practices, Data Security Knowledge, Tools, & Best Practices
- Familiarity with intrusion detection/prevention systems, firewalls, endpoint detection & response systems, anti-virus systems, DLP, vulnerability management, creating and managing phishing campaigns, and cloud infrastructure.
- Solid understanding of network security concepts and defense in depth.
- Knowledge of security incident and event management (SIEM), log analysis, network traffic analysis, malware investigation/remediation, SIEM correlation logic and alert generation.
- Demonstrated ability to analyze, triage and remediate security incidents.
- Moderate knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.).
- Solid understanding of OSI model, network protocols and information security concepts.
- 1+ years of direct InfoSec experience and/or an Associate’s degree in CS / MIS preferred.
- 1+ years hands-on experience with security tools such as scanners, monitoring and detection, malware protection, security analysis tools and compliance tools (both network and host-based solutions).
- 1+ years' technical experience in the security aspects of multiple computer platforms, operating systems, products, network protocols and system architecture or equivalent training and knowledge through education.
- Ability to understand SIEM correlation rules and corresponding alerts.
- Understanding of configuration and development of processes, procedures and practices for enterprise security systems.
- Prior experience and ability to demonstrate configuring SIEM applications / devices (i.e., QRadar, Splunk, LogRhythm, McAfee, AlienVault).
- Capable of communication with clients via conference calls and/or emails to review and discuss alert data and security report findings.
- Familiarity with MS Office.
- Strong understanding of TCP/IP, including IPv4 subnetting.
- Basic understanding of firewalls, IDS/IPS, antivirus, syslog, VPN, RDP, SSH and Telnet.
- Basic ability to run and troubleshoot PowerShell / Bash / Python scripts.
- Security certifications such as CompTIA Security+, SANS, or Cisco are a plus.
- Ability to document and communicate in a clear, concise, and…