VMware Threat Analyst II in Boulder, Colorado
VMware Carbon Black’s Managed Detection service consists of world class security experts who are responsible for monitoring and validating security events in real time. This includes following procedures to triage and investigate security alerts and provide product specific remediation assistance. We are seeking a Threat Analyst II to join our team.
The Threat Analyst II will be responsible for researching confirmed security events in depth, maturing processes, creating and improving automation and other tools, product improvements, and the mentorship and professional growth of junior analysts. The Analyst will also have opportunities to receive mentorship for professional growth from more senior members of the team. The analyst will have involvement with evaluating new security technologies, incident response, penetration testing and the freedom to try out new ideas and technologies to improve the SOC.
What You'll Do
Perform endpoint security monitoring, security event triage, and incident response to detect and respond to advanced threats
Identify potential gaps and offer solutions covering internal team needs, product improvements and client security posture
Coordinate with other team members and management to investigate, document and report incidents
Collaborate with our Threat Analysis Unit to provide in-depth reports of confirmed security incidents and produce technical threat advisory broadcasts about new and emerging threats
Provide training and mentorship to junior analysts to assist with their professional development goals. This will include developing relevant training exercises and classes with the assistance of the leadership team
Take part in a rotating SOC shift and manage your schedule accordingly to ensure there is coverage during SOC shifts
Work with security engineering teams to validate detection effectiveness and identify detection improvements
Maintain records of security events investigated and incident response activities, utilizing case management and ticketing systems
Perform regular reviews of alert tickets handled by junior analysts
Act as senior-level analyst to Tier 1 analysts, providing guidance as a product subject matter expert to ensure that remediation recommendations are accurate
Monitor and analyze EDR and Security Information and Event Management (SIEM) tools to identify security issues for remediation
Provide recommendations and create, modify, and update EDR and Security Information and Event Management (SIEM) tool rules
Ensure that we are implementing best-practice security policies that address the client's business needs while protecting their vital corporate assets
Take on Security Operations responsibilities when not on a SOC shift: this includes but is not limited to documentation, basic malware analysis, exceptions tracking, security tool management, tuning, and configuration, along with metrics and reporting
Lead or support ongoing projects by assisting in the automation, implementation, testing and documentation of security-related projects
Operating System Skills:
Beginner to intermediate skills in Windows, macOS, and/or Linux
Basic Scripting Skills:
Experience with any of the following:
Unix/Linux Shell scripts, Python, Go, PowerShell, C++, C#, Perl
Firewalls (e.g. Palo Alto Networks, Check Point, Cisco ASA, Juniper SSG, pfSense, etc.)
Experience with threat hunting
Log Management and SIEM (e.g. Splunk, IBM QRadar, HP ArcSight, LogRhythm)
Network Analysis Tools (e.g. Netwitness, Wireshark)
System Analysis and Forensic Tools (e.g. FTK, EnCase)
Endpoint Security (e.g. Carbon Black Endpoint Standard, Carbon Black Enterprise Protection, Carbon Black Enterprise Response, Symantec, McAfee, Forefront)
Windows Management (e.g. WSUS, SCCM, SCOM, Active Directory, Group Policy)
Penetration Testing Tools (e.g. Metasploit, Kali)
Regulatory regimes a plus (e.g. GDPR, ISO 27K, SSAE16, HIPAA, PCI, FISMA)
What You'll Bring
BS/BA degree in Computer Science, Information Systems, related discipline or equivalent experience.
3-5 years of professional work experience in the cybersecurity industry
The ideal candidate will have macOS and Windows operating system experience, as well as scripting skills. Linux/Unix skills are a plus.
Strong analytical skills to define risk, identify potential threats, and develop and document action/mitigation plans
Strong interpersonal skills, with the ability to mentor/train staff and raise awareness of current and emerging threats
Ability to work efficiently and self-motivate with little to no supervision
Certifications a plus: CISSP, SANS GIAC certifications (GCIH, GPEN, GSEC, etc.)
Strong written and verbal communication skills, with an ability to present technical risks and issues to technical and non-technical audiences internal and external to the organization
Category : Engineering and Technology
Subcategory: Information Security
Experience: Manager and Professional
Full Time/ Part Time: Full Time
Posted Date: 2020-11-16
VMware Company Overview: At VMware, we believe that software has the power to unlock new opportunities for people and our planet. We look beyond the barriers of compromise to engineer new ways to make technologies work together seamlessly. Our cloud, mobility, and security software form a flexible, consistent digital foundation for securely delivering the apps, services and experiences that are transforming business innovation around the globe. At the core of what we do are our people who deeply value execution, passion, integrity, customers, and community. Shape what’s possible today at http://careers.vmware.com.
Equal Employment Opportunity Statement: VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.