System Administrator
Troy, MI
12 months contract
Job Description:
• Monitor, analyze, triage and escalate security events from the incident response queue.
• Document incidents in the Incident Management System.
• Identify ways to mitigate future risk to the Laboratory (e.g. request blocks or other countermeasures).
• Prepare a summary of events to provide at shift turn-over to maintain continuity of operations.
• Monitor, analyze, and triage security infrastructure system alerts and logs to ensure proper operational efficiency. These systems include Intrusion Prevention Systems, Anti-Virus, Web Proxy Systems, Full Packet Capture, Online and Offline Malware Analysis Systems and SIEM platforms.
• Monitor performance metrics and log data for continuous improvement and tuning to match current threats
• Update rule-sets/policy on infrastructure systems to support overall Laboratory defensive systems
• Maintain and update documentation, including standard operating procedures.
• Perform threat analysis on suspicious messages to determine whether they are spam, phishing, or a targeted email.
• Analyze sender domains, URLs, and attachments for security risk. Perform log analysis on malicious items to determine the scope of the threat. Coordinate with users to obtain additional context on suspicious messages to help identify the security threat.
• Through log and data analysis, determine the scope or extent to which other systems were exposed to the same threat.
• Analyze attachments or samples downloaded from malicious emails to understand their capabilities and recommend next-stage containment.
• Identify, implement or request solutions (e.g. blocks) to mitigate future risk to the Laboratory.
• Research current malicious cyber activity at large.
• Research how vulnerabilities are being exploited and software affected.
• Proactively identify opportunities to mitigate potential threats based on research.
• Proactively identify patterns in device and server logs, based on that research, to flag systems of interest.
• Monitor automated alerts such as malware alerts, Websense alerts, change detection alerts, rogue wireless network alerts, security system health alerts and exploit attempt alerts.
• Experience with VirusTotal, QRadar, Bit9, Symantec Endpoint Manager, Symantec Security Information Manager.
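The message-triage and scoping duties listed above (analyze sender domain, URLs and attachments; then use proxy logs to find which other hosts reached the same indicator) are the kind of work a small script can make repeatable. The following is an added example, not code from the posting or from any employer: the sample .eml, the proxy log lines, the domains and IP addresses are all constructed, and the "internal_domain" parameter, the log format ("timestamp client-ip method url status") and the indicator heuristics are assumptions chosen for the illustration.

```python
"""Phishing triage and exposure scoping on a constructed sample (added example)."""
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message: lookalike sender domain, failing SPF, a
# credential-reset link and a double-extension executable attachment.
SAMPLE_EML = b"""\
From: "IT Helpdesk" <helpdesk@lab-support-portal.example>
To: user@lab.example
Subject: Password expiry notice
Authentication-Results: mx.lab.example; spf=fail smtp.mailfrom=lab-support-portal.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your password expires today. Reset it at http://lab-support-portal.example/reset?u=user
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAA
--b1--
"""

# Constructed web-proxy log (assumed format): "<timestamp> <client-ip> <method> <url> <status>".
PROXY_LOG = """\
2024-05-02T09:14:03Z 10.20.1.15 GET http://lab-support-portal.example/reset?u=user 200
2024-05-02T09:16:44Z 10.20.1.42 GET http://lab-support-portal.example/reset?u=other 200
2024-05-02T09:17:10Z 10.20.1.15 GET http://intranet.lab.example/ 200
2024-05-02T09:20:01Z 10.20.2.7 GET http://lab-support-portal.example/favicon.ico 404
"""

EXEC_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".ps1")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def is_lookalike(sender_domain: str, internal_domain: str) -> bool:
    """True if the sender domain borrows the organisation's name without being it or a subdomain."""
    if sender_domain == internal_domain or sender_domain.endswith("." + internal_domain):
        return False
    return internal_domain.split(".")[0] in sender_domain


def triage_message(raw: bytes, internal_domain: str) -> dict:
    """Extract sender, SPF result, URLs and attachment hashes; return indicators plus a verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    display_name, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2].lower()

    spf_match = re.search(r"\bspf=(\w+)", str(msg.get("Authentication-Results", "")))
    spf = spf_match.group(1).lower() if spf_match else "none"

    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    urls = URL_RE.findall(text)
    url_hosts = sorted({urlparse(u).hostname for u in urls if urlparse(u).hostname})

    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""  # base64 is decoded here
        attachments.append({
            "filename": part.get_filename() or "(unnamed)",
            "sha256": hashlib.sha256(data).hexdigest(),  # hash to pivot on in VirusTotal / sandbox
            "magic": data[:2].decode("latin-1"),          # "MZ" marks a Windows executable
        })

    reasons = []
    if spf == "fail":
        reasons.append("SPF failed for sender domain")
    if is_lookalike(sender_domain, internal_domain):
        reasons.append(f"lookalike sender domain {sender_domain}")
    for a in attachments:
        name = a["filename"].lower()
        if name.endswith(EXEC_EXTENSIONS) or a["magic"] == "MZ":
            reasons.append(f"executable attachment {a['filename']}")
        if name.count(".") > 1:
            reasons.append(f"double extension on {a['filename']}")
    if urls and any(w in text.lower() for w in ("password", "reset", "verify")):
        reasons.append("credential-reset lure with link")

    verdict = "likely phishing" if len(reasons) >= 2 else ("suspicious" if reasons else "no indicators")
    return {"display_name": display_name, "sender_domain": sender_domain, "spf": spf,
            "urls": urls, "url_hosts": url_hosts, "attachments": attachments,
            "reasons": reasons, "verdict": verdict}


def scope_exposure(url_hosts, proxy_log: str) -> dict:
    """Map each indicator host to the sorted list of client IPs that contacted it."""
    exposed = {h: set() for h in url_hosts}
    for line in proxy_log.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        host = urlparse(fields[3]).hostname
        if host in exposed:
            exposed[host].add(fields[1])
    return {h: sorted(ips) for h, ips in exposed.items()}


if __name__ == "__main__":
    result = triage_message(SAMPLE_EML, internal_domain="lab.example")
    print(result["verdict"], result["reasons"])
    print(scope_exposure(result["url_hosts"], PROXY_LOG))
```

The verdict is deliberately explained by its `reasons` list rather than a score, since the triage note handed over at shift change has to say why a message was escalated. The exposure step keys on the URL host rather than the full URL, so variants such as `?u=other` and the favicon fetch are caught as well; the list of client IPs it returns is what drives the block request and follow-up with users.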
Send resume to adelina@jobs-n-jobs.com or adelinajohn279@gmail.com