Security Operations Analyst, Senior

Whoweare.

NewfoldDigital is a leading web technology company serving millions of customers globally. Our customers know us through our robust portfolio of brands. We have some of the industry's most prominent and storied go-to-market brands, including Bluehost, HostGator, Domain.com, Network Solutions, Register.com and Web.com. We help customers of all sizes build a digital presence that delivers results. With our extensive product offerings and personalized support, we take pride in collaborating with our customers to serve their online presence needs. The strength of our company lives in the intersection of our people, our customers, and our brands.

About the role:

Security Operations Analyst is responsible for day-to-day security threat monitoring and analysis. The Security Operations Analyst manages security incidents and reviews security alerts for compliance and will work with senior analysts on known or suspected security threats. Security Operations Analyst will work on threat intelligence, forensics and incident response that adhere to best practices and recognized control frameworks. Security Operations Analysts are expected to work shifts and be assigned to on-call duties, as necessary, to support the global enterprise.

Advanced professional role requiring high skill with extensive proficiency. Works independently with only administrative supervision and the ability to overcome major obstacles and recognize early when issues should be escalated, or a senior peer needs to be consulted. Wide latitude for independent judgment and is expected to provide guidance and cross training to others. Effectively communicates with all levels of technical and non-technical personnel. Consults with senior peers on moderate to complex processes to learn through experience. Typically requires a minimum of 5 - 7 years of experience in security-related fields or related disciplines.

What you'll do and how you'll make your mark:

• Take actions to identify, assess, and contain threats to enterprise systems, infrastructure, and business applications.
• Manage and support the log collection, security scanning, intrusion detection, content filtering, and other security-related systems.
• Review and triage information security alerts, provide analysis, determine, and track remediation, and escalate as appropriate.
• Provide support for the log management and security information and event management (SIEM) solutions.
• Ensure authorized access by investigating improper access, revoking access, reporting violations, and monitoring information requests.
• Detect and respond to malicious behavior on public cloud, workstations, and server environments, and distributed networks.
• Optimize threat detection and alerting for data loss prevention (DLP), email protection solutions, endpoint detection and response (EDR) and threat hunting solutions, cloud and workload security products, intrusion prevention/detection systems, firewalls, and other industry standard security technologies.
• Proactively hunts for threats within complex and distributed networks across the enterprise. Write, update, and maintain detection signatures and signals, tune systems/tools to optimize detections, and develop automation scripts and correlation rules.
• Maintain knowledge of adversary tactics, techniques, and procedures (TTP) and available threat intelligence to develop and implement detection and mitigation strategies.
• Conduct forensic analysis and review on systems and engage with third-party resources as required.

Who you are and what you'll need to succeed:

• A degree in Cybersecurity, Information Technology, Computer Science, or related field is desirable.
• Industry recognized certifications are a plus. Certifications may include: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CEH (Certified Ethical Hacker), CompTIA Security+, certifications issued by the SANS Institute, etc.
• Certifications issued by public cloud providers (AWS, Azure, Google, Oracle, etc.) is a plus.
• Experience in forensics, malware analysis, threat intelligence.
• Ability to understand, modify and create threat detection rules within a SIEM.
• Understanding of log collection and aggregation techniques such as Elasticsearch, Logstash, Kibana (ELK), syslog-NG, Windows Event Forwarding (WEF), etc.
• Knowledge and experience with both Windows and Linux operating systems.
• Experience using Python, Perl, PowerShell, or an equivalent scripting language.
• Experience with the MITRE ATT&CK framework tactics and techniques.
• Experience with network forensics and associated toolsets and analysis techniques.
• Experience with host-based detection and prevention solutions.
• Ability to reverse engineer malware is a plus.
• Ability to correlate data from multiple data sources to create a more accurate picture of cyberthreats and vulnerabilities.
• Ability to quickly create and deploy countermeasures or mitigations under pressure.
• Experience with incident response and incident management procedures.
• Build effective relationships.
• Develop and use collaborative relationships to facilitate the accomplishment of work goals.
• Experience with the PCI-DSS, ISO-27001, and/or SOC II compliance frameworks is a plus.
• Experience implementing and measuring security controls aligned with NIST 800-53 and the Center for Internet Security (CIS) is a plus.
• Project Management skills is a plus.
• Experience with the following technologies is a plus:
• Sentinel One Singularity Platform, Tanium, Google Chronicle SIEM, Cloudflare L3-L7 security technologies, Atomicorp (ModSec), Tenable.io, Lacework, Recorded Future, ServiceNow, Jira, Microsoft Defender for Endpoints, Microsoft Security and Compliance, Virus Total, SiteLock, Monarx, NGNIX.
• Experience with the native security service solutions for public cloud service providers (AWS, Google, Azure, Oracle) is a plus.

This Job Description includes the essential job functions required to perform the job described above, as well as additional duties and responsibilities. This Job Description is not an exhaustive list of all functions that the employee performing this job may be required to perform. The Company reserves the right to revise the Job Description at any time, and to require the employee to perform functions in addition to those listed above.