Tier 2 Security Analyst (25856) at Levi, Ray & Shoup, Inc. (LRS), Springfield, IL | Temp to Perm
Added Sep 14, 2023
Apply: https://evoportalus.tracker-rms.com/LRS/apply?jobcode=25856
For additional information on how we handle your data, see www.LRS.com/privacy
Join a passionate and purpose-driven team that delivers on LRS’ mission of providing outstanding information technology solutions, products, and services. At LRS, you will work collaboratively and help our clients’ businesses thrive and flourish, while in a workplace that values respect for others, hard work, honesty, initiative, and achievement.
Our team is growing, and we are seeking a SIEM Analyst for a 6-month contract-to-hire opportunity supporting our managed security offering. This Tier 2 SIEM Analyst role provides an opportunity for you to enhance or develop cybersecurity skills using industry-leading technology and tools.
A Tier 2 SIEM Analyst provides visibility into the network, user, and application activity occurring in a customer environment. As the primary SIEM tool, IBM’s QRadar provides collection, normalization, correlation, and secure storage of events, flows, asset profiles, and vulnerabilities, and classifies suspected attacks and policy violations as offenses. In this role, you will review these details and decide how to respond appropriately.
+ Utilize IBM Security QRadar and/or QRadar on Cloud (QRoC) to identify potential security events within client environments.
+ Receive and investigate alerts daily, determining their relevance and urgency.
+ Escalate or perform triage to ensure that a genuine security incident is addressed with urgency.
+ Performing Security Operations Center activities in the following areas:
  + Analysis of customer events and offenses in the QRadar console
  + QRadar deployment, administration, architecture, and design
  + Cyber threat intelligence review and analysis
  + Review of EDR, NDR, and next-gen firewall alerts and logging criteria in a SOC
  + SOAR experience in deployment, architecture, and design
  + Playbook design and editing
  + Workflow process creation
  + Alert review, triage, and incident response
Requisite Skills and Knowledge:
Security operations analyst/engineer with at least 3 years’ experience in security operations, with emphasis on (but not limited to) the following technical criteria:
+ Security orchestration, automation and response (SOAR), including playbook/workflow/process design and implementation
+ QRadar administration and use-case development
+ Familiarity with cybersecurity tools from the perspective of responding to and mitigating risk from within a formalized security operations center environment, such as:
  + Network/Endpoint/Extended Detection and Response (NDR/EDR/XDR)
+ Interpretation of raw network traffic (e.g. packet capture) and determining whether activity is legitimate.
+ Network monitoring, log management and log analysis from a variety of network sensors to investigate suspect network activity
+ Assist in operating all technical security systems and their associated user/analyst interfaces, including web proxy filtering systems, host- and client-based firewalls, intrusion detection/prevention systems, endpoint security systems, anti-malware, and anti-virus software, to monitor network activity.
+ Conducting investigations and malware analysis, and preparing comprehensive reports with timely escalation to Network or Security Engineering for review.
+ Remain informed on trends and issues in the security industry, including current and emerging technologies.
+ Understanding the function of Web Application Firewall (WAF), Next Generation Firewall (NGFW), Intrusion Detection and Prevention Systems (IDPS), and other networking security tools
+ Knowledge of SOC tools such as VirusTotal, sandboxes, and malware analysis tools
+ Knowledge of TCP/IP networking: network topology, protocols, and services.
+ Advanced knowledge of Microsoft and Linux operating systems
+ General understanding of computer networking technologies, protocols, and topologies.
+ Understanding of Digital Forensics and Incident Response (DFIR)
+ Experience in tracking key metrics to facilitate and report on strategic security operations functions that impact overall business continuity
+ Utilization of security frameworks such as NIST, CIS, and MITRE ATT&CK
Duties and Responsibilities:
+ Provide situational awareness of cyber activity to LRS customers, escalating events identified in QRadar.
+ Monitor, prioritize, and escalate events for triage.
+ Correlate event data from multiple sources and sensors.
+ Review large amounts of log data (e.g., firewall, network flows, IDS, and system logs).
+ Categorize, prioritize, and normalize event information following incident response playbooks to determine if a security incident is taking place.
+ Create incident reports, send notifications, update documentation, and collect metrics regarding cyber security activities.
+ Coordinate with junior and senior SIEM Analysts, IT Operations, customers, or other team members.
+ Submit or contribute to after-action reports and support post-incident follow-up activities as needed.
+ Apply critical thinking in understanding new and emerging threats.
+ Assist with the analysis of specific threats to support the development of new use cases and rule sets that detect, report, log, track, and escalate security events.
+ Bachelor’s Degree or equivalent work experience/certifications
+ 5+ years in cybersecurity roles
Desired Experience and Education:
+ Analyst/engineer experience with QRadar, or other SIEM products like Splunk, LogRhythm, Exabeam, etc.
+ Current security certifications – Security+, CEH, OSCP, etc.
+ Python/PowerShell or similar coding skills relevant to cybersecurity work
+ Experience leading meetings and presentations for management and executive level personnel.
LRS is an equal opportunity employer. Applicants for employment will receive consideration without unlawful discrimination based on race, color, religion, creed, national origin, sex, age, disability, marital status, domestic partner status, sexual orientation, genetic information, citizenship status or protected veteran status.