Information Management Resources, Inc.
SIEM Analyst
Information Management Resources, Inc., Washington, District of Columbia, us, 20022
POSITION SUMMARY:
We are seeking a highly skilled and experienced SIEM Analyst to join our team. The ideal candidate will have a minimum of five years of overall IT or cybersecurity experience, including at least three years of working knowledge in Government Community Cloud High (GCC-H)/GCC environments. This role involves managing and optimizing Security Information and Event Management (SIEM) systems, with a focus on Microsoft Sentinel, log management, threat intelligence, and incident handling. The SIEM Analyst will play a critical role in ensuring the security and efficiency of our clients' environments through proactive monitoring, analysis, and continuous improvement.
ROLE AND RESPONSIBILITIES:
Log Management:
Reviewing the ingestion and normalization of logs to ensure accuracy and completeness. Ingesting and analyzing all common log formats. Consulting on log storage methods, pricing tiers, and cost management recommendations.
Microsoft Sentinel Management:
Managing Microsoft Sentinel with regularly updated baselines. Continuously deploying updated rules to enhance security monitoring.
Threat Intelligence:
Disbursing threat intelligence to key employees. Sharing hardening recommendations and updating baselines based on lessons learned across the client base.
Staff Support:
Providing educational development by leveraging Microsoft partnerships and team expertise to conduct workshops and training on Azure and M365 Cloud Services.
Continuous Improvement:
Reviewing architecture to identify gaps in cybersecurity solutions. Driving efficiencies in logging and log storage processes.
Program Management Support:
Participating in recurring operational touchpoints. Conducting quarterly executive management reviews to provide updates and insights.
Automated Response:
Utilizing expert systems to enhance security investigations by integrating and analyzing external and internal data sources. Automating investigation workflows to reduce manual effort and accelerate incident response times.
24x7x365 Monitoring of Security Events:
Providing advanced endpoint detection and response (EDR) threat detection and response services for desktops, servers, and firewalls. Monitoring and managing security alarms for firewalls, network devices, and Active Directory user behavior. Monitoring Microsoft Sentinel instances and analyzing syslog and Common Event Format (CEF) data. Developing custom alerting capabilities based on business requirements.
Incident Handling Support:
Supporting incident management for the Security Operations Center (SOC). Conducting recurring operational reviews with the designated SOC Lead. Providing recommended best practices for responding to security events.
REQUIRED QUALIFICATIONS:
Education : Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Equivalent work experience may be considered in lieu of a degree. Minimum of five (5) years of overall IT or cybersecurity experience. At least three (3) years of hands-on experience in Government Community Cloud High (GCC-H)/GCC environments. Knowledge, skills, and abilities to operate, maintain, and upgrade two or more of the following tools: Microsoft Sentinel, Microsoft Azure, Microsoft DfE, Xacta 360/IO, Zscaler, FedRamp, Cloudflare, NetWitness, Tenable IO, Nexpose, Armis, Trellix HX/CM, and ServiceNow. Strong analytical, problem-solving, and communication skills. Ability to pass a Public Trust background check prior to onboarding.
#J-18808-Ljbffr
Reviewing the ingestion and normalization of logs to ensure accuracy and completeness. Ingesting and analyzing all common log formats. Consulting on log storage methods, pricing tiers, and cost management recommendations.
Microsoft Sentinel Management:
Managing Microsoft Sentinel with regularly updated baselines. Continuously deploying updated rules to enhance security monitoring.
Threat Intelligence:
Disbursing threat intelligence to key employees. Sharing hardening recommendations and updating baselines based on lessons learned across the client base.
Staff Support:
Providing educational development by leveraging Microsoft partnerships and team expertise to conduct workshops and training on Azure and M365 Cloud Services.
Continuous Improvement:
Reviewing architecture to identify gaps in cybersecurity solutions. Driving efficiencies in logging and log storage processes.
Program Management Support:
Participating in recurring operational touchpoints. Conducting quarterly executive management reviews to provide updates and insights.
Automated Response:
Utilizing expert systems to enhance security investigations by integrating and analyzing external and internal data sources. Automating investigation workflows to reduce manual effort and accelerate incident response times.
24x7x365 Monitoring of Security Events:
Providing advanced endpoint detection and response (EDR) threat detection and response services for desktops, servers, and firewalls. Monitoring and managing security alarms for firewalls, network devices, and Active Directory user behavior. Monitoring Microsoft Sentinel instances and analyzing syslog and Common Event Format (CEF) data. Developing custom alerting capabilities based on business requirements.
Incident Handling Support:
Supporting incident management for the Security Operations Center (SOC). Conducting recurring operational reviews with the designated SOC Lead. Providing recommended best practices for responding to security events.
REQUIRED QUALIFICATIONS:
Education : Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Equivalent work experience may be considered in lieu of a degree. Minimum of five (5) years of overall IT or cybersecurity experience. At least three (3) years of hands-on experience in Government Community Cloud High (GCC-H)/GCC environments. Knowledge, skills, and abilities to operate, maintain, and upgrade two or more of the following tools: Microsoft Sentinel, Microsoft Azure, Microsoft DfE, Xacta 360/IO, Zscaler, FedRamp, Cloudflare, NetWitness, Tenable IO, Nexpose, Armis, Trellix HX/CM, and ServiceNow. Strong analytical, problem-solving, and communication skills. Ability to pass a Public Trust background check prior to onboarding.
#J-18808-Ljbffr