Book page

Security Analyst - Lexington, MA

Security Analyst - Lexington, MA

The Security Analyst II is a member of the Threat Assessment Team – which performs analysis on cyberthreats, research and develop new methods for detecting cyber threats, reviews and triages security alerts, and other suspicious system or network activity.  The Threat Assessment Team is actively involved with security incident handling and works closely with the Security Services Department from the start to the closure of an incident. Through data analysis, the Security Analyst identifies methods to mitigate future risk to networked systems. The Security Analyst researches external malicious cyberactivity to proactively identify ways to mitigate risk to the network. Also as part of the Information Technology Security Team the Security Analyst assists in the evaluation and testing of security tools and devices.

 

Adversary Detection

 

  • Research and develop ever changing methods to detect and alert on possible threat activity
  • Obtain Intelligence on developing actor TTP's
  • Identify ways to mitigate future risk to the Laboratory and request blocks to be put in place
  • Analyze samples from suspect systems or emails for further Indicators of Compromise

 

Cyber Threat Analysis & Assessment

 

  • Rapid assessment and determination of active threats
  • Perform threat analysis on suspicious messages to determine if spam, phishing and or a targeted email
  • Investigate sensor detections and alerts to determine severity of threat or false positive
  • Through log and data analysis determine scope or extent at which other systems were exposed to the same threat
  • Coordinate efforts among analyst to enhance mitigation efforts and avoid duplication of efforts
  • Coordinate with Security Services Department on threat impact, nature and potential scope
  • Publish detailed Threat Assessment reports as required
  • Identify, implement or request solutions (e.g. blocks) to mitigate future risk to the Laboratory

 

External Awareness

 

  • Research current malicious cyber activity at large
  • Research how vulnerabilities are being exploited and software affected
  • Proactively identify opportunities to mitigate potential threats based on research
  • Proactively identify any patterns within device and server logs based on research to potentially identify systems of interest through log analysis

 

Security Projects

 

  • Evaluate potential security software, tools or devices
  • Test new network security systems and changes to existing network security devices
  • Develop technical project plans, requirement documentation, test plans, change requests, and communications to users
  • This position is under general supervision of the Threat Team Lead
  • This position does not have any financial responsibility. However technical expertise may be required for assisting with product selection and annual product support renewals
  • This position will maintain frequent contact with internal department and/or Laboratory user community as well as external vendors to maintain communications related to problem resolution, systems upgrades, services and product research
  • This position interacts frequently with the Security Services Department to maintain communication related to data recovery for forensics analysis based on request, and identification of policy violations, systems of interest putting the network at risk, threats of interest or messages of interest

 

Qualifications

 

Required Minimum:

 

  • CompTIA Security+ Certification or equivalent
  • An understanding of TCP/IP network protocols and application layer protocols (e.g., HTTP, SMTP, DNS, etc.)
  • Good understanding of Windows, Mac and Linux Operating Systems and Event logging
  • Strong working knowledge of security tools and devices including SIEM and SOAR tools
  • Previous experience in developing and implementing detection mechanisms
  • Working knowledge Cyber Security in Cloud / DevSecOps including scripting (Python preferred)
  • Scripting knowledge including use of APIs to perform integration with systems where possible
  • Previous experience developing and deploying cybersecurity solutions to popular cloud platforms
  • Previous experience analyzing network or system logs for malicious activity
  • Some experience in malware analysis and/or reverse engineering, as well as analyzing email attachments and URL links for malicious content
  • Previous experience developing automations and/or playbooks in SOAR environments for response and remediation
  • Knowledge of industry standards such as MITRE ATT&CK, Cyberthreat Kill Chain and NIST standards – among others
  • Ability to work independently toward delivery of goals as well as collaborate in team efforts
  • Skill in interviewing users to determine source of potential malware or suspicious activity
  • Excellent customer service skills
  • Excellent verbal and written communication skills