Law Firm, Minneapolis, MN
Legal Staff, Information Technology
Minimum 5 years of experience required
Job Title: Senior Cybersecurity Analyst
Job Responsibilities:
The Senior Cybersecurity Analyst is primarily responsible for managing the security system’s health, operational effectiveness, and efficiency within the law firm's information security program and systems. Key responsibilities include:
- Understanding the law firm's core business activities and deploying specialized information security solutions to protect these activities.
- Maintaining the operational effectiveness and efficiency of Information Security tools such as Enterprise Syslog Servers, Intrusion Detection and Prevention Systems (IDS/IPS), Microsoft Sentinel SIEM, CASB, and other security tools. This includes maintaining systems, updating versions to current releases, performing backups, and collaborating with infrastructure teams as needed.
- Implementing, maintaining, deploying, and monitoring the SIEM, IDS/IPS, CASB, XDR/EDR Agents, and Syslog Servers feeding the SIEM, alongside other security monitoring solutions to ensure system health and effectiveness.
- Creating new SIEM detections aligned with the MITRE ATT&CK framework and recommending improvements in SIEM, CASB, and other security tools to leadership.
- Leading the security team to enhance secure and resilient cloud and on-premises monitoring processes and procedures, including the Incident Response Plan, IR playbooks, Operations playbooks, communication plans, threat hunting, SOC metrics, KPIs, and service level objectives for security events and incidents.
- Automating repetitive tasks within the SOAR environment using ML/AI to drive efficiencies and focus on more advanced tasks.
- Refining, updating, and maintaining playbooks, policies, procedures, Information Security Standards, and Guidelines to align with industry best practices.
- Coordinating activities and escalations with the law firm's managed security service providers (MSSP).
- Examining log source data across endpoints, databases, applications, identity management, networks, mobile devices, and cloud, and conducting expert analysis of logging, malware, or other malicious activities on the law firm's systems.
- Recommending adjustments to security tool configurations to minimize false positives and providing recommendations for improving monitoring logging, identity management, data protection, detection, and preventative controls.
- Collaborating with platform or business owners to identify security improvements and monitoring and remediation efforts post-security assessments.
- Maintaining strong partnerships with security engineering, incident response, infrastructure, and IT teams to improve monitoring, workflow, and response capabilities.
- Serving as third-level triage support for cybersecurity, information security event, and incident response tickets; mentoring junior Security Operations Center (SOC) staff; and leading the more challenging security alerts, events, and incidents.
- Participating in rotating after-hours, weekend, and holiday on-call schedules for escalation of security issues.
- Assisting with security standards and security configuration baseline and updates for systems and business applications.
- Serving as a member of the information security change management team.
- Attending and participating in regular technical and non-technical projects and implementation meetings to serve as the security consultant, helping guide secure application and infrastructure configurations, ensuring information security oversight, and compliance with policies, procedures, and standards.
- Assisting with internal and external auditors for compliance and risk assessments if needed.
- Reporting on the state of the SOC to the Information Security Director and stakeholders upon request.
- Performing other analyst duties as requested.
Education and Experience Information:
- High School diploma or equivalent, along with some post-secondary coursework and/or equivalent experience.
- At least five years of information security/SOC experience, or a combination of three to five years of IT system administration with security experience in a security operations center or an incident response role.
- Ability to create detections aligning with the MITRE ATT&CK framework.
- Expertise in incident response, system monitoring, and analysis, with in-depth knowledge of SIEM, IDS/IPS, web proxies, EDR, XDR, CASB, DNS security, sandboxing, and firewalls.
- Experience in analyzing and inspecting log files, network packets, and other security tool information outputs from multiple system types.
- Expertise in multiple computing platforms, including Windows, OSX, Linux, Unix, networks, and endpoints.
- Strong knowledge of Information Security, Incident Management, Security Monitoring, Threat Intelligence, Incident Response, and Risk Classification functions.
- Experience with technical analysis of email headers, links, and attachments to determine if an email is malicious and executing the appropriate remediation techniques to protect the environment.
- Strong interpersonal and collaborative communication skills, with the ability to weigh and communicate business needs and costs against security concerns and articulate issues to management.
- Demonstrated technical knowledge through experience or certification(s).
- Ability to effectively multi-task, prioritize, work calmly under pressure and with tight deadlines, and demonstrate trustworthiness, integrity, curiosity, and adaptability.
- Excellent problem-solving abilities, analytical mindset, and attention to detail, with a focus on staying current with the evolving threat landscape.
- Team-oriented with skills in working collaboratively and the ability to clearly and concisely document and explain technical details (e.g., experience documenting incidents, technical writing, etc.).
Required Technical Skills (minimum of six):
- Microsoft Azure Microsoft Sentinel SIEM experience of two years (or similar SIEM experience).
- Microsoft Defender Endpoint Admin experience of two years (or similar EDR).
- Microsoft Defender for Server Admin experience of two years (or similar EDR).
- Microsoft CASB Admin experience of two years (or similar CASB).
- Identity and Access Management Tool Admin experience of two years, such as Microsoft Entra ID, Microsoft Active Directory (or SailPoint, CyberArk, Oracle).
- Advanced Windows and Linux operating system skills.
- Advanced HPE Intrusion Detection System Administration skills (or similar SD WAN IDS skills).
- Proficiency in scripting languages such as PowerShell, Python, and skills in using KQL.
Preferred:
- Bachelor’s degree.
- Experience with ISO 27001:2022 compliance requirements.
- SANS GSEC, GCIA (and related), CISSP, CCSP certifications (a plus).
Salary Information:
The pay range for this position in Minnesota and Colorado is an annual salary of $96,000 to $118,000. This range represents the law firm's good faith estimate of likely compensation at the time of posting. Actual pay will depend on various factors, including the candidate’s experience, qualifications, skills, and location, and may fall outside of the indicated range.
May 16, 2025