Active Threat Analysis (ATA) Security Incident

Company: Trinus Corporation
Location: Downey
Posted on: March 26, 2020

Job Description:

Description Of WorkDuties Resolve ATA tickets assigned from ISD's 7x24x365 managed security service expeditiously (includes reviewing and working on cases on the portal and providing details for case closure). Meet or exceed SLA for all ATA tickets. Support other departments in resolving ATA ticket assigned to them for resolution. Ensure compliance on a daily basis - all servers in data center have to have NXLogs agent and logs must be delivered to ATA. Provide in-depth support for information security incidents, including internal violations, hacker attacks, viruses, unauthorized system access, and identifying and recognizing incidents of compromise (IOC's) and how they are used at the network level. Provide recommendations to improve information security incident response processes related to host and network security in accordance with County policies and procedures. Demonstrate above average analytical skills and work professionally with peers and customers, especially under pressure. Analyze and interpret system, security, and application logs in order to diagnose faults and spot abnormal behavior. Identify issuesproblems and coordinate with customers regarding recommendations and resolution to security incidents. Analyze threat intelligence feeds received, and correlate ATA cases and investigations with affected customer departments. running their own applications outside the County's data center, although there is a current project underway to consolidate most County data centers to one centralized enterprise data center. Active Threat Analytics (ATA) is ISD's 7x24x365 managed security service. Around the clock, ATA monitors ISD's network and data centers for security threats and attacks, and issues alerts to ISD when trouble is found. However, ISD Security Operations Section (SOS) is not 7x24x365 and does not have staff dedicated to investigating ATA cases, often requiring staff overtime to address the volume of ATA cases and to meet response time objectives. Moreover, ATA's identification of County sourcesdestinations are sometimes incomplete or incorrect, requiring SOS to chase down IP addresses and the responsible County departments. DESCRIPTION OF WORKDUTIES Resolve ATA tickets assigned from ISD's 7x24x365 managed security service expeditiously (includes reviewing and working on cases on the portal and providing details for case closure). Meet or exceed SLA for all ATA tickets. Support other departments in resolving ATA ticket assigned to them for resolution. Ensure compliance on a daily basis - all servers in data center have to have NXLogs agent and logs must be delivered to ATA. Provide in-depth support for information security incidents, including internal violations, hacker attacks, viruses, unauthorized system access, and identifying and recognizing incidents of compromise (IOC's) and how they are used at the network level. Provide recommendations to improve information security incident response processes related to host and network security in accordance with County policies and procedures. Demonstrate above average analytical skills and work professionally with peers and customers, especially under pressure. Analyze and interpret system, security, and application logs in order to diagnose faults and spot abnormal behavior. Identify issuesproblems and coordinate with customers regarding recommendations and resolution to security incidents. Analyze threat intelligence feeds received, and correlate ATA cases and investigations with affected customer departments. Minimum Qualifications The Consultant must meet all the following minimum qualifications One (1) year of experience in the last three (3) years managing andor supporting a production security incident response environment, including working with end-users to investigate, analyze, troubleshoot, and resolve security incident issues. Two (2) years of experience in the last four (4) years as a security incident handler with experience detecting, responding, resolving, and managing computer and network security incidents, including, detecting malicious applications and network activity, detecting and analyzing system and network vulnerabilities, determining root causes, performing computer and network forensic investigations and leading a computer security incident response team. Two (2) years of experience in the last four (4) years as a systems administrator or network engineer supporting a networked environment with at least 500 servers, 5,000 or more users and multiple firewalls, switches, and routers. The network environment must consist of multiple VLANs in a single location AND multiple physical locations connected through routers or similar layer-3 routing devices. Two (2) years of experience in the last four (4) years creating and managing projects with project management tracking tools such as Microsoft Project. Three (3) years of experience in the last five (5) years developing clear and precise process, workflow, andor network diagrams using Microsoft Visio or similar tools, and technology-related documents such as operating proceduresguidelines, incident reports, technology standards, and knowledge base articles. Two (2) years of experience in the last four (4) years in a security monitoring role.

Keywords: Trinus Corporation, Downey , Active Threat Analysis (ATA) Security Incident, IT / Software / Systems , Downey, California