ECS is seeking an Elastic SIEM Security Analyst to work remote.
Job Description:
As a leading managed cybersecurity services provider, ECS delivers a highly tailored and customized offering to each customer. The Professional Services Team is responsible for working with our customers to understand their needs and delivering a complete solution. We will leverage your unique skills to help solve customers' challenges, such as engineering a system to address a technical hurdle, protecting customer data, or consulting on a wide range security topics. You are empowered to engage and lead across multiple groups and must have the self-sufficiency and focus to work well without constant oversight.
This role requires a blend of technical proficiency with Elastic SIEM, cybersecurity principles, and strong analytical capabilities to effectively protect against and respond to cyber threats. The candidate should also possess excellent interpersonal skills to communicate complex security issues to a broad audience effectively.
Responsibilities:
Network Monitoring and Intrusion Detection: Perform analysis using various defense tools, including IDS/IPS, firewalls, and host-based security systems.
SIEM Management: Utilize Elastic SIEM to correlate events and identify indicators of threats, creating actionable intelligence.
Threat Research: Investigate emerging threats and vulnerabilities to enhance incident identification processes.
Threat Detection: Implement both log-based and endpoint-based detection strategies to identify and mitigate threats from multiple sources.
Content Development: Develop and customize SIEM content such as machine learning rules, signatures, and dashboards according to customer requirements.
Activity Correlation: Correlate data across network, cloud, and endpoints to identify attacks and unauthorized actions.
Alert Management: Review and respond to alerts from SIEM and other sensors; document incidents in formal, technical reports.
Phishing Analysis: Analyze phishing email submissions to determine threat levels and appropriate responses.
Incident Response Support: Provide effective incident response and mitigation strategies to contain and rectify breaches.
Threat Intelligence Integration: Collaborate with threat intelligence and threat-hunting teams to maintain up-to-date knowledge of threat landscapes.
Tool Evaluation: Assist in assessing new security tools and analytical techniques for integration into managed security services.
Breach Investigation: Support both large-scale and smaller-scale cyber breach investigations.
Stakeholder Communication: Effectively communicate cyber events and findings to both internal and external stakeholders.
Salary Range: $90,000 - $120,000
General Description of Benefits
Required Skills:
Deep Knowledge of Elastic SIEM: Proficient in using Elastic SIEM for monitoring, threat detection, and response. Experience with using Kibana, Logstash, Ingest Pipelines, Enterprise Search or Observability preferred.
Cybersecurity Expertise: Strong understanding of network protocols, encryption, and vulnerabilities.
Analytical Skills: Ability to analyze complex data from various sources to deduce patterns and detect anomalies.
Programming/Scripting: Familiarity with scripting languages like Python or PowerShell to automate tasks and manipulate data.
Content Creation: Experience in creating and tuning SIEM rules, signatures, and dashboards.
Communication Skills: Excellent written and verbal communication skills for reporting and stakeholder engagement.
Problem-Solving: Strong problem-solving skills with the ability to work under pressure in a fast-paced environment.
Certifications: Preferred certifications include CISSP, CEH, GCIH, or Elastic Certified Analyst.
Experience: Previous experience in a cybersecurity operations center (SOC) environment is highly desirable.
Bachelor's degree; preferably in Computer Science, Information Security, or a related field. Will consider experience in lieu of a degree.
Desired Skills:
Prior experience working as an analyst in a Security Operations Center (SOC).
Prior experience working EDR, SIEM, SOAR, and ticketing technologies.
Knowledge of threat actor tactics, techniques, and procedures (TTPs).
Ability to support ad hoc scripting in any language.
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, sex, age, sexual orientation, gender identity or expression, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, status as a crime victim, disability, protected veteran status, or any other characteristic protected by law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
