Zyston is an information security solutions company providing businesses the comprehensive range of end-to-end services required to build and operate mature, cost-effective information security programs. Zyston’s flagship product and service, CyberCAST, provides the full-service capabilities required to manage complete oversight of an organization’s information security program.
We currently have a permanent opening for a Sr. Security (Lead) Analyst to join our team.
NOTES:
- The successful candidate will start each day at either 6am, 7am, or 8am Central Time.
- The successful candidate will have strong experience in threat hunting as well as security analysis.
- The successful candidate will have some leadership experience.
- The successful candidate will have experience working in or with an MSSP.
- It is highly preferable that the successful candidate is able to work in the office in Addison, TX each Tuesday and Wednesday and remotely the other 3 days of the week.
The Senior Security Analyst will be the Subject Matter Expert (SME) on the investigation process, providing guidance to the Security Analyst team. The ideal candidate will be well versed in security event analysis using industry best-practice toolsets, will have deep knowledge of current and emerging threats and of security content development, and will be able to develop the risk mitigation strategies required to protect the confidentiality, integrity, and availability of information systems and data. Candidates should be proficient at working with internal business units and clients to resolve issues and develop effective action plans.
Key Responsibilities:
- Serves as the SME on the security event analysis process and procedures
- Performs advanced threat hunting exercises to identify unknown threats within a client environment
- Performs regular audits to gauge and improve performance including quality reviews (QA/QC) of current analysts based on Key Performance Indicators (KPIs) and provides feedback on improvement points to analysts
- Works as the primary communications channel between the analyst team and other SOC departments, establishing/driving projects based on these communications
- Works closely with Delivery Managers on client reporting, presentations, and meetings
- Participates in monthly status calls with clients to present key metrics and analyst findings
- Coordinates the implementation and execution of long-term projects that align with managerial expectations as well as SOC-wide goals, under the guidance of SOC leadership
- Routinely evaluates Analyst team pain points via independent assessments or communication with analysts, and drives independent and creative solutions to address them
- Designates and drives short-term projects based on these evaluations
- Leads incident investigations during client incident response scenarios
- Participates in the team’s on-call rotation to serve as an escalation point after business hours
- Conducts 1 week of Analyst II monitoring 2x/year to maintain visibility into analyst workflow, identify major pain points, and demonstrate leadership
Details:
- 80-90% of the role is as a senior security analyst; 10-20% is as a threat hunter. The time spent on threat hunting will grow over time, with the potential to transition into a full-time threat hunting role (FTE) in the future.
- This person will work Monday - Friday from 7am - 3pm Central time (with flexibility to work 6am - 2pm or 8am - 4pm Central time as alternative options).
- This person will work in the office on Tuesdays and Wednesdays.
- On-call every other week. Call volume varies, usually 0-3 calls per week.
Required Skills:
- Tier III analyst experience involving host analytics (EDR, Windows event logs, etc.), network-based evidence, and incident investigations
- Ability to conduct multi-source threat analysis utilizing SIEM event data
- Expert knowledge and experience using SIEM, EDR, vulnerability management, network traffic analysis and other industry standard security technologies for event investigation
- Advanced understanding of the security-relevant log ingestion required to achieve security use cases
- Strong understanding of IPv4, TCP/IP, low-level networking and protocols, and TCP/UDP ports, and how they relate to the security risk landscape
- Basic awareness of cloud technologies as they relate to security (AWS, Azure, GCP)
- Basic awareness of audit requirements (PCI, HIPAA, SOC, etc.)
Qualifications:
- 7+ years of technical experience in Information Security or Network Engineering with at least 3-5 years of experience in a Security Operations Center
- Must be available on a rotational basis to be the designated on-call Senior Analyst during off hours in case of a SOC emergency or inquiry