Apply for this Job
Seeking a Technical Security Analyst to lead staff in the implementation and execution of the technical aspects of the client's enterprise security plan. Will act as the SME on security issues and projects so ESEC team members can increase their security knowledge. Must have strong security incident response experience and exposure to forensic analysis, either with a forensic tool (e.g. EnCase or Forensic Toolkit) or experience with sandboxing.
Duration: 12-month contract position
Work location: San Jose (1st week onsite for training/remote onward)
Duties:
-Proactively identify and assess threats to users, network & data.
-Monitor and respond to reports of malicious activity.
-Respond and investigate intrusions and security events.
-Demonstrate an understanding of the client's threat landscape, including performing gap analyses and driving assessments.
-Perform thorough analysis of attacks and anomalous network behavior.
-Provide summarized and detailed analysis and documentation in support of ESEC.
-Perform proficient forensic analyses using security tools & processes.
-Identify actionable intelligence by processing Threat Intelligence (TI).
-Demonstrate ability to identify, contain, eradicate and recover from security incidents.
-Communicate with business units, partners and individuals to mitigate security threats.
-Advise the CISO and ESEC team on organizational, strategic and tactical matters and on security best practices related to forensics and security incident management.
-Attend meetings and represent ESEC as a senior lead for all security matters.
-Act as a lead, co-lead or backup on assigned ESEC projects while performing daily operational duties.
-Mentor junior staff colleagues.
-Create standard operating procedures and training documents.
-Other duties, as assigned to meet ESEC needs and requirements.
Experience:
-At least 5 years of enterprise information security and technical experience conducting security incident response.
-Exposure to forensic analysis using a forensic tool (e.g., EnCase or Forensic Toolkit) or experience with sandboxing.
-At least 5 years of cyber threat intelligence experience, including making the information usable through the security incident process.
-Working experience applying IOCs to identify threats in the current environment and applying that information to prevent future vulnerabilities in the infrastructure's technical security.
-Working experience using best-practice standards and frameworks: ISO 27001/27002; PCI DSS v4; GLBA; HIPAA/HITECH; NIST 800-53; CIS Controls; NIST CSF; CIS RAM.
-CISSP and CCFP or equivalent certification desired (e.g., CCE, CHFI). Other highly desirable security certifications may be substituted for CISSP (e.g., CISA, CISM, etc.).
Tech stack environment experience:
-Hardware: Network Switches, Routers, Load Balancers, Servers, Storage Systems, End-User Systems, Mobile Devices, or other devices that enable the organization to complete its mission.
-OS: UNIX, Linux, Windows.
-Network: LAN, WAN, Internet, Proxy/Filtering, Firewall, VPN, DMZ.
-Network protocols: TCP/IP, SNMP, SMTP, NTP, DNS, LDAP, NFS, SAMBA, etc.
-DBs: Oracle, SQL, MySQL.
-Cloud Platforms: IaaS, PaaS, SaaS.
-Security concepts: Encryption, Hardening, etc.
-Security GRC.
-Forensic analysis tools.
-Active Directory.
-Programming languages a plus.
-Computer forensics exp. a plus.
-Prior SIEM exp. a plus.
-Malware analysis skills a plus.
Date Posted: 29 October 2024