Let’s Connect Today!

NextGen Person

Security Operations Lead in Fenton, MO at NextGen

Date Posted: 5/15/2018

Job Snapshot

  • Employee Type:
    Full-Time
  • Location:
    Fenton, MO
  • Job Type:
    Technology
  • Experience:
    Not Specified
  • Date Posted:
    5/15/2018

Job Description

Job Description Summary
This position combines two roles;
(1) manage Security Information and Event Management (SIEM)/intrusion prevention monitoring, and
(2) lead the security incident response process.

Job Description:
Scope


This role may manage (directly or indirectly) a team of SIEM analysts that perform network and system security event monitoring and correlation. This role is responsible for designing and leading the Security Incident Response Process and Procedures inclusive of training IT Services teams and leading tests of the Response Process.
Reporting and Working Relationships: Reports to SVP, IT Services or other management.

Primary Responsibilities
50%: Manage the process to perform network and system security event monitoring and correlation.
May directly or indirectly manage a team of SIEM analysts.
Perform security incident case development, SIEM functional architecture, design, and capacity planning.
Deploy QRadar logging agents and Integrate log sources into QRadar. Perform SIEM platform performance health checks, tuning and optimization. Performing content and filter development to identify data, and suspicious events.
Configure standard and custom alerting/reporting, correlation and notifications.

50%: Responsible for designing and leading the security incident response process and procedures inclusive of training IT Services teams and leading tests of the response process.
Analyze potential network and system security incidents to identify breaches. Investigate security breaches and make qualified decisions and recommendations for corrective action.
Lead a Security Incident Response Team made up of other teams and organizations as necessary.
Appropriately inform and advise IT management on incidents and incident prevention.



Qualifications
1. 3-7 years of experience in a SIEM analyst and incident response roles.
2. Bachelor's degree and CISSP/CSSP/GMON certifications in incident response or equivalent.
3. Experience with central logging, event correlation, log source integration, and SIEM architecture.
4. Has led analysts who perform daily operational real-time monitoring, analysis and resolution of security events from multiple sources including but not limited to events from security information monitoring tools, network and host based intrusion detection systems, content filtering solutions, firewall logs, & system logs.
5. Experience with the implementation and management of the SIEM; including integrating and analyzing system and network data using enterprise SIEM from sources such as data feeds of alerts, log data from firewalls, routers, other network devices or hosts, network IPS/IDS systems, AAA systems, and other information sources.
6. Experience in and ability to perform real-time computer security Incident Handling including forensic collections, intrusion correlation, threat analysis, and direct system remediation tasks to support the Security Incident Response Team (SIRT).
7. Track and document incidents from initial detection through final resolution including documenting requests and activities in case management system. 8. Participated in the development in incident response process and procedures.