We are looking for a savvy, high-performing Security Analyst who will be responsible for the day-to-day management of company-wide information security toolsets and the protection of Blackbaud's and Client's information. Security Analysts diligently investigate anomalous events and alerts, detect malicious activities, reverse engineer malware, and write signatures and scripts for various security tools to defend against malicious activity.
The Security Analyst provides reports to management regarding the negative impact to the business caused by theft, destruction, alteration, or denial of access to information. The Security Analyst is primarily involved in the analysis, reverse engineering, troubleshooting and resolution of complex threats that impact the information security infrastructure at the data, application, service, operating system, and network levels.
What you'll do:
- Perform intrusion analysis using SIEM technology, packet captures, reports, data visualization, log analysis and pattern analysis
- First responder to security events and escalations via email, phone, and tickets across corporate user networks, data centers, and cloud environments.
- Assist in remediation of all information security incidents
- Hunting for and identifying threat actor groups and respective tactics, techniques and procedures
- Document and communicate findings, escalate critical incidents, and interact with lines of business
- Improve and challenge existing processes and procedures in a very agile and fast paced cyber security environment
- Keeps current on the threat landscape and cyber security trends
- Ability to adapt to fluid infrastructures and to learn/support new technologies
- Thought leader around new security alert content creation, data correlation, anomaly thresholds, and logic updates
- Primary mentor to the core analyst team with regards to training & escalation
What we'll want you to have:
- 5+ years security analysis experience
- 5+ years of IT or networking experience
- Intermediate to Advanced Linux/Unix OS and Windows knowledge
- Deep expertise in at least one public cloud
- Firewall rule and policy fundamentals
- Network routing fundamentals
- Ability to manage parallel tasks and accurately document resolutions
- Experience working with customers in a fast-paced environment
- Working knowledge of network packet analysis tools
- Intermediate understanding of scripting (e.g., PERL, Python, shell scripting)
- Familiarity with cyber security frameworks such as NIST and MITRE ATT&CK
Nice to Haves:
- Industry recognized professional certification such as (but not limited to): Security+, CBROPS, CSA, CEH, GSEC, SSCP
- Industry recognized professional certification such as (but not limited to): CISSP, GBFA, GCDA, GCIA, GCIH, GMON, GNFA, GOSI, GPEN, GPPA, GREM, GSOC, OSDA, OSCP
- Direct experience with malware and analysis techniques and methodologies.
- Experience with playbook development using Security Orchestration and Automated Response (SOAR) platforms
