MidAmerican Energy Company IT Security Operations Analyst 3 in Des Moines, Iowa
Performs operational activities including security event monitoring, evaluation, containment and mitigation efforts for security events. Responds to real-time security incidents and supports activities for response, containment and event forensics. Provides a lead role on the Computer Incident Response Team (CIRT). Builds and maintains event alerts in the Security Information and Event Management (SIEM) system and other monitoring tools. Performs development and maintenance activities for security applications and assets. Uses knowledge of network infrastructure, anti-virus software, endpoint protection systems and other technologies to provide timely and effective cyber incident response. Provides technical leadership to security operations analysts 1 and 2. Provides trend analysis and risk assessment to management about vulnerabilities in the environment.
Primary Job Duties and Responsibilities (Essential Job Function)
Effectively monitor the Security Information and Event Management (SIEM) system, the Intrusion Detection System (IDS), and other security tools for cyber security events. Evaluate and manage the events to eliminate or mitigate risk to the company. Respond to real-time security incidents and support activities for response, containment and event forensics. (20%)
Perform deep-dive incident analysis by correlating data from various sources to determine the root cause of an infection or the threat's point of entry. Provide support for new analytic methods and for detecting threats. (15%)
Review assessments from the vulnerability scanning tools and take action to remediate or further investigate those considered to be a risk. Provide trend analysis and risk assessment to management about vulnerabilities in the environment. Review workstation security patching failures and assist with remediation. (10%)
Support and maintain the Security Information and Event Management (SIEM), Intrusion Detection Systems (IDS) and other monitoring tools as needed. Determine and build alerts based on new threats and security data, regulatory requirements, Center for Internet Security critical security controls best practices and ISO 27001 certification requirements. (20%)
Lead the development and maintenance of incident response procedures for security events that require the mobilization of IT resources to respond to network or system intrusions or malicious code. Maintain cyber security operations monitoring standard operating procedures to effectively manage and mitigate cyber security events. (10%)
Support organization as a senior subject matter expert and provide technical leadership to the IT security operations analyst level 1 or 2 as required. Fill in for the manager, enterprise security & operations as needed. (15%)
Maintain a strong understanding of network infrastructure, anti-virus software, endpoint protection systems and other technologies to ensure an adequate defense-in-depth design across the IT enterprise. (10%)
Participate on the CIRT team in a lead role as dictated by the cyber security incident management plan. Provide timely and accurate cross-platform support in response to security threats that pose a risk to systems across the company's computing enterprise. Assist in complex forensic and investigation activities where advanced technical security skills are required. (10%)
Participate in the on-call rotation to support front-line security operations analysts. (0-5%)
Consult with IT project teams and staff across all technology disciplines to provide direction on security requirements in accordance with security policies and standards. (5%)
Performs any additional responsibilities as requested or assigned. (0-5%)
Bachelor's degree in computer science, information technology or related field or equivalent work experience. (Typically six years of additional related, progressive work experience would be needed for candidates applying for this position who do not possess a bachelor's degree.)
Five years of experience with Security Information and Event Management and Intrusion Detection systems with associated incident response experience.
MCSA, MCSE or equivalent work experience required.
Advanced security certification including GIAC, CISM or CISSP.
Understand and be able to use regular expressions and pattern matching.
Application development experience using programming languages such as Perl, as well as open source security tools such as SNARE, Snort, etc.
Ability to construct and execute complex database queries using SQL.
Technical knowledge of complex computing environments, operating systems, databases, network software and disaster recovery practices.
Knowledge of network, workstation, and server security products, technologies and protocols.
Excellent oral and written communication skills, including presentation skills.
Effective interpersonal skills and customer relationship skills.
Effective analytical, problem-solving and decision-making skills.
Project management skills; ability to prioritize and handle multiple tasks and projects concurrently.
Available to cover on-call responsibilities that may occur nights, weekends and holidays.
Employees must be able to perform the essential functions of the position, with or without an accommodation.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.
Job: Information Protection
Organization: Information Technology
Title: IT Security Operations Analyst 3
Location: IA-Des Moines
Requisition ID: 1801405