Security Analyst II @ Deepwatch | Jobright.ai
Security Analyst II jobs in United States
200+ applicants
Deepwatch · 3 days ago

Security Analyst II

Tags: Cloud Security, Cyber Security

Responsibilities

Monitor the SIEM for suspicious events and anomalous activity
Triage security events for criticality and perform in-depth analysis on incidents to maintain SLA
Validate suspicious events and incidents using open-source and proprietary intelligence sources
Effectively document and manage incident cases in our case management system
Notify assigned customers of security incidents and interface with customers to provide investigatory support and additional information as needed
Handle escalations from Tier 1
Keep up-to-date with information security news, techniques, and trends
Identify and report any gaps in log collection or reporting as soon as possible to the customer and Deepwatch Engineering
Report all operational issues or problems to the Shift Lead
Report any changes in customer environments to the Lead Analyst
Document new tools and techniques and disseminate them to the rest of the team including playbook creation
Mentor and assist Tier I analysts with professional development
Attend meetings and have value added conversations with customers
Develop an area of specialty with the goal of becoming a subject matter expert

Qualification

Skills: Incident Management, SOAR, Ticketing Systems, Threat Intelligence, Alert Triage, Forensics Events, Ad-hoc Projects, Attack Investigation, SIEM Monitoring, Splunk, SPL, Tier Escalation, Mentoring, Security Tools Configuration, Malware Analysis, Static Analysis, Dynamic Analysis, VirusTotal, EDR Console, Ports & Protocols, Log Correlation, Log Analysis, Header Analysis, Linux Logs, MacOS Logs, Windows Logs, Ticket Management, Documentation, Log Collection, Email Analysis

Required

Demonstrate experience managing security incidents and handling escalations from Tier 1
Possess experience with SOAR, Ticketing Systems and Threat Intelligence platforms
Analyze & triage alerts through a mix of ticket resolution, researching forensic events and ad-hoc projects
Investigate the type of attack and the data or systems impacted
Monitor the SIEM (Splunk preferred). Within Splunk, should be at or above power user level and able to read and understand SPL
Review SIEM alerts to see their relevance and severity
Make determinations on when to escalate to Tier 3
Mentor and assist Tier I analysts to help prioritize events
Oversee & configure security monitoring tools
Have experience with malware analysis, both static & dynamic, be able to review a hash in VirusTotal and look in the EDR console to identify what the malware is doing
Be proficient with ports & protocols
Correlate cross-functional log sources
Have log analysis experience, including in-depth header analysis and reviewing Linux/macOS/Windows logs
Be responsible for ticket hygiene & documentation
Be comfortable communicating with customers in meetings
Identify & report any gaps in log collection or reporting as soon as possible to the customer and Deepwatch Engineering
Advanced email analysis
Demonstrate ability to monitor alerting through multiple cloud environments
Document new tools and techniques and disseminate them to the rest of the team (playbook creation)
Conduct full packet capture analysis & host forensics (Windows)
Communicate effectively to Team Leads, Managers & Customers as needed
Have a Degree in Information Security or Information Technology or equivalent experience
Possess scripting experience (Python or regex preferred)
Cybersecurity certifications a plus: SANS, EC-Council, CompTIA, GCIA, GCIH, CEH, CySA, Net+/Sec+

Benefits

Medical, dental, vision, and disability insurance
Flexible Time Off (FTO), 9 company holidays, sick leave and 8-Weeks Paid Parental Leave
Unique professional development benefits, starting at $3,000 annually
Wellness contests and monthly educational programs
401(K) retirement program with employer match

Company

Deepwatch

Deepwatch secures the digital economy by protecting enterprise networks via its cloud security platform.

Funding

Current Stage
Growth Stage
Total Funding
$256M
Key Investors
Goldman Sachs, ABS Capital Partners
2023-02-15 · Series C · $180M
2020-10-12 · Series B · $53M
2019-04-03 · Series A · $23M

Leadership Team

Charlie Thomas, CEO
Wesley Mullins, CTO
Company data provided by crunchbase