The Security Analyst will play an integral part in extending our customers' teams and delivering an outstanding customer experience that allows Alert Logic customers the freedom to conduct business safely. Reporting to the Operational Lead of the Security Operations team, the Security Analyst will act as a Customer Champion, always working with the relentless ambition to resolve customer incidents and questions by demonstrating ownership, empathy, and a desire to broaden their knowledge and skills.
The Security Analyst will be expected to demonstrate their understanding of Alert Logic Products and Services by providing our customers with a route to resolution. Armed with a good understanding of the core elements of the Alert Logic Products and Services and operational workflows, the Security Analyst will facilitate our goal of providing our customers a World Class Customer Experience, best-in-class security outcomes, and technical support for a wide variety of products, technologies and applications, ensuring the protection of our customers' assets.
- To provide collaborative support to the wider Security Operations team.
- To work closely with our customers and internal teams to provide detailed and meaningful analysis and response for security related queries and product issues.
- To work with Security Operations Center colleagues and other technical teams to ensure that customer queries are addressed promptly and according to Standard Operating Procedures and Customer Management processes, always with the intent to provide World Class Customer Service.
- To review and identify improvements to current knowledge base articles (KBAs), standard operating procedures (SOPs) and operational processes for the benefit of our customers and internal teams.
- To be an entry point role into the Alert Logic Security Operations Team, by serving as a cross-functional team member capable of functioning at an entry level capacity, in either support and/or security-oriented tasks.
- To monitor global NIDS, Firewall, and log correlation tools for potential threats.
- To extend our customers' team, providing basic security advice to customers and team members.
- Provide World Class Customer Experience and security outcomes for Alert Logic Customers.
- Demonstrate ownership of customer issues.
- Communicate directly with the end customers and partners; set clear expectations on how often updates to a case will be received.
- Follow defined escalation paths to ensure proper issue resolution.
- Investigate and advise Alert Logic customers concerning risks and active vulnerabilities identified within monitored network environments.
- Escalate high priority technical or security related issues to the Technical Lead.
- Engage, liaise with and support Alert Logic customers to overcome and resolve service impacting issues and challenges experienced with the use of Alert Logic products and services.
- Provide support to Alert Logic customers by analyzing and reviewing logs or functional events within our customers’ network systems and reporting on any abnormalities to security or operational customer contacts.
- Have a basic understanding of Alert Logic products and services, in addition to having industry recognized skills relating to information security, Linux, Windows and Networking.
- Effective communication of information relating to Customers and operational delivery between shift teams.
- Collaborate with peers to identify improvements to the customer experience and to maximize operational efficiencies.
- Initiate escalation procedures to counteract potential threats/vulnerabilities.
- Assist in the coordination of the Alert Logic response to Customer Reported Events.
- Tune Alert Logic proprietary security products to generate higher fidelity observables and reduce benign or “noisy” events from customer environments.
- Analyze, escalate and respond to security events, observables and incidents detected by Alert Logic proprietary security products.
- Resolve requests and incidents in a timely manner in accordance with customer contracted Service Level Agreements.
Required Attributes (personal):
- Demonstrate the ability to troubleshoot and diagnose commonplace production application, system and network issues to provide rapid remediation within a collaborative environment.
- Strong belief in ownership, from identification, through resolution and validation of Operational issues.
- A team player who is willing to participate in the day to day activities.
- A detail-oriented working style.
- The ability and willingness to communicate.
- The willingness to share knowledge with team members, leadership, and customers.
- Strong Customer Focus.
Required Attributes (technical):
- Be able to prioritize escalated cases/requests.
- Basic command of Linux systems administration and working with BASH.
- Basic understanding of networking including TCP/IP.
- Basic experience with network monitoring and packet analysis tools.
- Basic understanding of a cloud environment & infrastructure (AWS, Azure, Google Cloud, etc.).
- Basic hands-on experience working with Windows infrastructure.
- Basic experience in one of Linux, Windows or Database administration.
- Basic hands-on experience configuring Windows or Linux system logging.
- Basic understanding of Windows or Linux logging / auditing capabilities.
- Basic understanding of HTTP, SSL/TLS, SOAP, and reverse proxies.
- Basic experience using an IDS, e.g. Snort.
- Basic understanding of the Top 20 Critical Security Controls for Effective Cyber Defense.
- Basic understanding of the OWASP Top 10.
- Basic knowledge of threat vectors against the Windows or Linux platform.
- Basic hands-on experience with network security or equivalent study.
- Basic experience with anomaly detection based on security systems.
The Security Analyst, with guidance/assistance will:
- Analyze and report on commonplace logs and network traffic.
- Be able to locate and apply proper technical documentation and knowledge base articles to resolve customer inquiries.
- Be able to communicate directly to the customer/partner via phone/email/chat.
- Have a basic understanding of Alert Logic products and services (Threat Manager, Log Manager and Web Security Manager).
- Have a basic understanding of escalation paths/procedures.
- Capability and skill reviews will take place during one-on-one sessions, with formal performance reviews taking place in line with the Alert Logic appraisal schedule.
- Assessment of ability will be carried out by the Operations Lead and Manager.
- The Security Analyst will work on a scheduled shift of 40 working hours per week. These shifts will be in accordance with the Alert Logic Shift Policy.
- The Security Operations Center operates under the “Follow the Sun” approach, and the shift start times will therefore be set to ensure 24-hour coverage between the US and the UK.
- The Security Analyst will take daily tasking from the Operations Lead and where appropriate, the Manager, and will be required to work collaboratively with other team members, both within the Security Operation Center and with other internal departments, to ensure that cases are acknowledged, prioritized, and resolved within the agreed timescales.