Threat Analyst - Carbon Black
Boulder, CO
About the Job
Threat Analyst
Boulder, CO
Why Carbon Black?
At Carbon Black, you’ll have the chance to make an impact in the ever-evolving cybersecurity space. Our advanced technology tackles even the toughest challenges and stays ahead of the latest threats. If you want to join an agile company that’s building bleeding edge technology in the cloud, Carbon Black is the place for you. Driven by passionate people who are dedicated to making the world safer, it’s no wonder we’ve been named a “Top Place to Work” by the Boston Globe for four consecutive years. Join us!
Why You Matter
Carbon Black, the leader in advanced threat protection, is seeking a Threat Analyst. This is an entry to mid-level position in Cyber Security, targeted toward individuals with 1-3 years of experience. Educational and personal experience with network/systems administration and/or information security related work is necessary.
Threat Analysts at Carbon Black are responsible for monitoring and maintaining systems used in our security program. This includes the following of procedures to triage and investigate security alerts, and escalate issues as necessary. Threat Analysts have opportunities for mentorship from more senior members of the team, and involvement with maturing procedures, evaluating new security technologies, incident response, penetration testing, and the freedom to try out new ideas and technologies to improve the SOC.
What You’ll Do
- Performs endpoint security monitoring, security event triage, and incident response for a mid-size organization, coordinates with other team members, management to document and report incidents
- He/she will be part of a rotating SOC shift and will need to manage their schedule accordingly so as to ensure there is coverage during SOC shifts
- Maintains records of security events investigated and incident response activities, utilizing case management and ticketing systems
- Monitors and analyzes EDR and Security Information and Event Management (SIEM) to identify security issues for remediation
- Makes recommendations, creates, modifies, and updates EDR and Security Information Event Management (SIEM) tool rules
- Ensure that we are implementing best practice security policies that address the client's business need while protecting their vital corporate assets
- Take on Security Operations responsibilities when not on a SOC shifts: This includes but is not limited to documentation, basic malware analysis, exceptions tracking, security tool management, tuning, and configuration, along with metrics and reporting.
- Be a primary for or support ongoing projects by assisting in the implementation, testing and documentation of security related projects
Technical Skills
OS Skills:
- Intermediate to advanced skills in Windows, Linux, and/or OSX
Scripting Skills:
- Experience with any of the following is a plus:
- Unix Shell scripts, Perl, Python, Powershell, C#
Technology Experience:
- Firewalls (e.g. PaloAlto Networks, Checkpoint, Cisco ASA, Juniper SSG, PFSense, etc..)
- Log Management and SIEM (e.g. Splunk, IBM QRadar, HP ArcSight)
- Network Analysis Tools (e.g. Netwitness, Wireshark)
- System Analysis and Forensic Tools (e.g. FTK, EnCase)
- Endpoint Security (e.g. Carbon Black Enterprise Protection, Carbon Black Enterprise Response, Symantec, McAfee, Forefront)
- Windows Management (e.g. WSUS, SCCM, SCOM, Active Directory, Group Policy Objects,)
- Penetration Testing Tools (e.g. Metasploit, Backtrack, Kali)
- Operating Systems (e.g. Windows Server 2008/2012, CentOS Linux, OSX)
- Enterprise Microsoft Solutions (e.g. Exchange, Sharepoint, Lync)
- Regulatory Regimes (e.g. ISO27K, SSAE16, HIPPA, PCI, FISMA)
- Various Open-Source security and networking tools (MRTG, SysInternals, Nagios)
What You’ll Bring
- Working towards completion or has a BS/BA degree in Computer Science, Information Systems, or related discipline or equivalent experience.
- 1 – 3 years of professional work experience in the security field
- The ideal candidate will have Linux OS and scripting skills. OSX and Windows skills are a plus.
- Strong analytical skills to define risk, identify potential threats, document and develop action/mitigation plan
- Strong interpersonal skills, ability to mentor/train staff and bring awareness to current and emerging threats
- Certifications a Plus: CISSP, SAN GIAC Certifications (GCIH, GPEN, GSEC, etc.)
- Strong written and verbal communications skills with an ability to present technical risks and issues to non-technical audiences internal and external to the organization
Why you should join us
Carbon Black is a leading provider of next-generation endpoint security, leveraging breakthrough prevention technology to instantly see and stop cyberattacks before they execute. With more than 13 million endpoints under management, and more than 4000 customers—including 30 of the Fortune 100—the opportunities are massive and exciting. With 1000+ employees, offices across the world, and the best-of-the best tools for collaboration from anywhere, now is an ideal time to become part of the Cb Team. See where you fit best at Lifeatcb.carbonblack.com.
Carbon Black, Inc. is an EEO/AA employer. Carbon Black is an inclusive employer that believes in workplace equality, supports diversity, creates a welcoming environment, and respects the unique qualities each individual brings to the company.