Michigan IT Jobs

Job Information

Beaumont Health System Cyber Security Analyst Sr in Southfield, Michigan

Cyber Security Analyst Sr
Req #: 30132736
Category: Business Ops
Facility: Beaumont Services Center
Department: IT Cyber Security Admin
Schedule: Full time
Shift: Days

Job Details:

Position Title: Cyber Security Analyst Sr.

General Summary: The Senior Cyber Security Analyst is responsible for developing the day-to-day functions within cyber security operations. As a member of the Cyber Threat Monitoring team, the incumbent is responsible for coordinating a continuous hunt across a global network, leveraging enterprise-wide capabilities to search for indicators of compromise. This candidate must have advanced, expert knowledge of data, network, user access, and system security techniques and tools. Additionally, this candidate will enrich existing cyber intelligence by creating new techniques, processes and procedures for the Security Operations Center. The incumbent will also perform cyber threat intelligence review, assessing and tracking potential cyber threats commonly associated with attempted intrusions, network and host-based attacks (external/internal), product vulnerabilities, etc., and coordinate incident response and remediation efforts. This individual understands Internet architecture and firewall configuration to protect system security.

Essential Duties:
* Conducts investigations/forensics on security events.
* Conducts network, endpoint, and log analysis by utilizing various consoles on a regular basis (e.g., SIEM, IPS, firewall, etc.).
* Conducts cursory and in-depth computer forensic investigations to reconstruct events, identify unknown intrusions through use of indicators of compromise, and identify and track any internal lateral movement.
* Tracks cyber threat actors/campaigns based on technical analysis and open source intelligence.
* Conducts analysis of malicious code and weaponized documents through behavioral analysis or reverse engineering.
* Researches and tracks new exploits and cyber threats.
* Interacts with the security community to obtain technical threat intelligence.
* Provides creative and innovative solutions and serves as a thought leader.
* Candidate is expected to work closely with team members, management, and other IT teams (Workstation, Network, Server, etc.).
* Candidate is expected to participate in a 24x7 off-hours support rotation.
* Candidate is expected to be able to perform network, application, and log intrusion detection.
* Participates in security incident handling efforts in response to a detected incident.
* Candidate must be able to maintain awareness of trends in security regulatory, technology, and operational requirements.
* Designs and implements workflows and runbooks.
* Designs workflow automation.
* Develops security alerts.

Standard Qualifications:
* Bachelor's Degree or a combination of education plus equivalent work experience.
* 5 years or more experience in a corporate IT environment, or 3 years dedicated SOC experience in addition to a degree with direct background or exposure to cyber security.
* Information Security certifications preferred: CISSP, GIAC/SANS certifications.

Other Qualifications:
* Strong analytical and problem-solving skills.
* Hands-on experience with network traffic analysis tools (e.g., tcpdump, Wireshark).
* Experience leveraging at least one enterprise SIEM platform.
* Strong understanding of malware attack vectors and phishing methods; strong understanding of APT attacks and methods.
* Knowledge and understanding of static and dynamic malware analysis and reverse engineering.
* Knowledge and understanding of sandboxing for malware analysis.
* Usage of open source intelligence to analyze files/URLs/IPs.
* Basic knowledge and understanding of Netfl