Berkley

  • IT Security Analyst

    Location Name
    DE, Wilmington
    ID
    2018-2108
    Date Posted
    2 months ago (11/21/2018 9:57 AM)
    Company
    Berkley Technology Services LLC
    Primary Location
    US-DE-Wilmington
    Category
    Information Technology
  • Company Details


    Berkley Technology Services (BTS) is a dynamic company committed to providing world-class IT services. We offer a unique culture, enabling our team members to be on the cutting edge of technology while delivering high-quality solutions. We are looking for outstanding individuals who will bring unique perspectives, insight and innovation to our teams. BTS, a member company of W. R. Berkley Corporation, has facilities located in Des Moines, Iowa and Wilmington, Delaware. Our functions include working with various third parties to develop, integrate, and support the insurance systems of WRBC's operating units. BTS strives to provide these functions in a holistic manner, including helpdesk support, system connectivity, and operational support. Additional responsibilities include coordinating communications regarding best practices in the use of our supported systems and researching new technology. At BTS, there are opportunities associated with being part of an established and empowering corporation while maintaining a positive personal working environment. Additionally, we provide a competitive compensation and benefits package, including a casual dress code. BTS is constantly growing and expanding to meet the changing demands of one of the most successful insurance organizations in the world. If you are ready to jump-start your career, BTS is the place for you. Visit us at berkley-bts.com to learn more.

    Responsibilities

    The Information Security Analyst position is assigned to the Security Operations Team. The primary purpose of this position is to help coordinate and report on cyber incidents impacting WRBC and its business units across the globe. This position involves critical duties and responsibilities that must continue to be performed during crisis situations and contingency operations, which may necessitate extended hours of work.


    Overall Responsibilities:

    Reporting to the Manager – Security Operation Center, and as a member of the Global Information Security Management team, the Information Security Analyst is responsible for coordinating and consulting on the day-to-day management and execution of the Information Security program. Through effective governance routines and tracking of project and program execution, this individual will support all Information Security verticals in their efforts to improve and mature the security posture of the firm.


    • Work in a 24x7 Security Operation Center (SOC) environment.
    • Provide analysis and trending of security log data from a large number of heterogeneous security devices.
    • Provide Incident Response (IR) support when analysis confirms an actionable incident.
    • Provide threat and vulnerability analysis as well as security advisory services.
    • Analyze and respond to previously undisclosed software and hardware vulnerabilities.
    • Investigate, document, and report on information security issues and emerging trends.
    • Integrate and share information with other analysts and other teams.
    • Research, analyze, and respond to alerts, including log retrieval and documentation.
    • Conduct analysis of network traffic and host activity across a wide array of technologies and platforms.
    • Perform general SIEM monitoring, analysis, content development, and maintenance.
    • Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.
    • Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management.
    • Track threat actors and their tactics, techniques, and procedures (TTPs), capturing intelligence on those TTPs and developing countermeasures in response.
    • Analyze network traffic, IDS/IPS/DLP events, packet captures, and firewall (FW) logs.
    • Analyze malicious campaigns and evaluate the effectiveness of security technologies.
    • Review alerts generated by detection infrastructure for false positives and tune alert logic as needed.
    • Provide forensic analysis of network packet captures, DNS, proxy, NetFlow, malware, host-based security and application logs, as well as logs from various types of security sensors.
    • Develop advanced queries and alerts to detect adversary actions.
    • Coordinate threat hunting activities across the network, leveraging intelligence from multiple internal and external sources as well as cutting-edge security technologies.
    • Assist with response and investigation efforts into advanced/targeted attacks.
    • Hunt for and identify threat actor groups and their techniques, tools, and processes.
    • Identify gaps in IT infrastructure by mimicking an attacker's behaviors and responses.
    • Provide analytic investigative support for large-scale and complex security incidents.
    • Perform root cause analysis of security incidents to further enhance the alert catalog.
    • Continuously improve processes across multiple detection sets for more efficient Security Operations.
    • Perform regular updates of existing playbooks based on changes in the threat landscape or upon discovery of new threat tactics or procedures.

    Qualifications

    Experience:

    • 5+ years of relevant cyber security experience in IT security, incident response, or network security, with strong working knowledge of a SOC.
    • Communicate effectively by contributing significantly to the development and delivery of a variety of written and visual documents for diverse audiences.
    • Manage change and demonstrate adaptability by embracing change and adjusting priorities, processes, and approach as needs dictate.
    • Take responsibility for successes and failures related to individual and team-based project work assignments; actively present suggestions for solutions if objectives are not met.
    • Experience with SIEM solutions (preferably Splunk or a similar tool), including the search language, search techniques, alerts, dashboards, report building, and creation of automated log correlations.
    • Experience with active threat hunting and adversary tracking.
    • Strong analytical and investigation skills.


    Education:

    • Bachelor's degree in Computer Science, Information Security, Computer Forensics, or a related field.
    • One or more relevant industry cyber security certifications preferred (CISSP, GCIA, GCIH, GREM, CEH, etc.).
