Security Operations Analyst

SecureKey is the identity and authentication provider for organizations that deliver online consumer services. SecureKey delivers high-performance, easy-to-use, authentication platforms that reduce the burden, cost, and risks associated with authenticating millions of consumers while also improving the user experience. 

SecureKey implements security in each phase of the authentication platform: design, development, testing, build, deployment and continuous operation. The Security Operations Analyst is a key role in the implementation of this security. You will be responsible for evaluating security technologies/tools, automating security tasks, performing continuous monitoring activities (analyzing scan/vulnerability assessment findings, defining and testing remediation steps and tracking vulnerabilities through to remediation), improving our production alerting/monitoring solution, and performing security impact assessments on production system changes. 

The Security Operations Analyst will be the technical point of contact for third-party assessors performing internal and/or external VA scanning, web application assessments and/or manual penetration testing. To support third-party assessments you will be responsible for providing the list of in-scope systems, as well as ensuring that all access to those systems is properly planned, provisioned for the assessment and removed following the assessment as applicable. 

A key aspect of this role is also an understanding of cloud security deployments. The Security Operations Analyst will be responsible for managing the security of cloud infrastructure hosted by and integrated with SecureKey environments, ensuring that any alerts are properly triaged and assessed and that the monitoring scope is properly configured. 

Candidate should have: 

• Basic understanding of the OSI model 

• Ability to read and interpret network diagrams. 

• Ability to read and understand packet captures / protocol analyzers (wireshark, tcpdump, etc.) 

• Knowledge of network intrusion prevention/detection techniques 

• Knowledge of SIEM solutions and alert optimization 

• Working knowledge of operating systems (Microsoft Windows client and server, macOS and Linux) 

• Understanding of Windows/Linux attack vectors and the latest attack methods, including the MITRE ATT&CK framework 

• Good understanding of Azure & O365 cloud setups and related security alerts 

• Good understanding of AWS architectures and related security alerts 

• Advanced analytical and technical experience 

• Good communication (verbal and written) skills 

• Ability to assess and articulate risks to a system as a result of a suspected vulnerability, a proposed change or a compromise 

• Ability to actively detect, respond to, and remediate security events across the infrastructure 

• Understanding of cyber threat vectors and countermeasures 

• Understanding of web servers (Apache HTTP Server, Tomcat) and their architectures 

• Thorough understanding of security threat landscape 

• Thorough understanding of Antivirus/Antimalware and triage experience with related events 

• Good understanding of YARA rules 

• Experience with network- and host-based intrusion detection or prevention systems (NIDS/HIDS, NIPS/HIPS) 

• Strong working knowledge of TCP/IP networking/VPN, VLAN, NAT, and security concepts 

• Ability to perform the detailed and repeatable execution of all operational tasks as documented in SOC processes and subordinate procedures, and to update those procedures 

• Close or escalate security events as necessary 

• Document and maintain a knowledge base of the alarms that IDS and IPS encounter (false positives and false negatives, blacklists, whitelists). 

• Ensure security events and incidents are detected and escalated in a timely manner. 

• Provide analysis and investigation to determine if alerts or security events warrant incident classification. 

• Track incidents through to final resolution. 

• Perform incident triage to include determining scope, urgency, and potential impact. 

• Experience performing offensive assessments, penetration testing or vulnerability analysis 

• Exposure to tools (Nessus, Burp Suite, Nikto, Metasploit) for scanning systems and devices for vulnerabilities in accordance with compliance policies 

• Basic scripting knowledge (bash, PowerShell, Python) 

• Basic understanding of Docker / Ansible 

• Familiarity with ITIL or other recognized change management procedures 

Ideal qualifications: 

• University degree (BS/MS) in Engineering, Computer Science or equivalent 

• Experience reviewing SOC alerts / triaging in a production environment 

• Security+, SSCP, CSA (Certified SOC Analyst) and other technical security certifications 

We are looking for a candidate who excels in a fast-paced and dynamic environment, one who can hit the ground running and provide immediate value, and who can be articulate and decisive with recommendations. 

Be part of a high-performance team – submit your resume to