Security Threat Analyst in Denver, CO at Vaco

Date Posted: 3/20/2020

Job Description



The Security Threat Hunter/Analyst is responsible for the following shift duties:

* Daily Traffic Review - replaying traffic from previous shifts and reviewing customer reports to ensure potential security incidents were not missed by a Level 1 Analyst.
* Report Run Verification - ensure customer reports run as scheduled
* Improve their knowledge of the customer environment, intrusion detection methodologies, and intrusion detection services through ongoing training from senior analysts and self-study
* Review SOC Activity log, cases and other monitoring tools for complete understanding of previous shift activities and incidents
* Handle Tier 2 event incident response, case management, and customer notification
* Ensure security devices contain up-to-date signature libraries
* Assist with engineering tasks as necessary
* Train SOC Level 1 Analysts on new attack signatures and attack methodologies
* Provide process and operational improvement suggestions
* Review and update documentation (such as SOPs and TTPs)
* Complete vendor training as requested by Management
* Subscribe to and review security mailing lists such as the SANS Internet Storm Center (ISC)
* Review the Internet Storm Center daily for up-to-date news on recent Internet activity of note
* Daily Case Management - the Security Analyst will review open cases and provide follow up that may be required


* U.S. Based
* 5+ years of Information Security experience
* 5+ years Firewall management and rules analysis
* 2-4 years of systems analysis
* Working knowledge of Linux and syslog from CLI
* Programming and scripting language knowledge: Python, Java, C++, SQL and PowerShell
* Expert knowledge of Splunk and Splunk ES
* Expert knowledge of Burp suite and Kali Linux

* Proven ability and past experience performing moderately complex security analysis of information technology systems is required
* Excellent writing and communications skills
* Familiarity with a variety of information and network security monitoring tools (ArcSight SIEM, QRadar SIEM, Arbor DDoS Mitigation, Cisco IDS/IPS, Netcool, and Imperva WAF, among others)
* Ability to work in a dynamic team-centered environment

Education Preferred:
* Bachelor's Degree in Computer Information Systems or related field

Industry Certifications:

Tier 3 Analysts should possess the background and experience necessary to obtain Industry or SOC specific certifications as instructed by management. Possible applicable certifications include, but are not limited to:

* Certified Information Systems Security Professional (CISSP)
* Information Systems Security Engineering Professional (CISSP-ISSEP)
* Systems Security Certified Practitioner (SSCP)
* CompTIA Security+
* Certified Ethical Hacker (CEH)
* EC-Council Certified Security Analyst (ECSA)
* EC-Council Certified Incident Handler (ECIH)
* CompTIA Cybersecurity Analyst (CSA+)
* Information Technology Infrastructure Library (ITIL)
* Cisco CCNA
* Cisco CCNP Security
* Linux+

Work Experience:

* 2-3 years of Managed Security Service Provider Tier-1/2 Analyst/Operator Experience (Preferred)
* 3-4 years of SOC or NOSC analyst experience
* Threat Intelligence or Forensic background is a plus