Dick's Sporting Goods Security Analyst - CSOC in Pittsburgh, Pennsylvania
The Information Security Analyst will provide technical support on the team involved in information security response, security monitoring, and supports audit/compliance and cyber forensic activities for the company. The successful candidate will have general knowledge and experience with SIEMs, security operations processes, incident response, event analysis, threat intelligence, and security skills development.
Additionally, this position is required to assist with ongoing security project activities that serve to provide appropriate access to, and protect the confidentiality and integrity of, customer, employee, and business information in compliance with organization policies and standards. This role serves as an internal information security consultant to the organization and requires security systems administration, network administration, and application security skills, as well as project management experience.
Work as part of a team of Information Security professionals supporting the enterprise.
Triage and respond to concurrent security incidents
Escalate issues to senior staff/management as required
Assist IT staff to remediate any vulnerabilities and/or threats to corporate networks
Document incident results and report details to the security organization
Respond to internal customers', partners', and auditors' requests for information regarding the corporate security event management capabilities
Document existing and new processes, mature existing documentation.
Execute standard procedures for the administration, backup, disaster recovery, and operation of information security systems
Research, analyze and understand log sources, particularly security and networking devices (such as firewalls, routers, anti-virus products, and operating systems)
Assist and participate with security incident management processes
Experience in the administration of multiple operating systems
Experience in reviewing and analyzing raw packet captures using tools including tcpdump and Wireshark
Experience in reviewing and analyzing large volumes of log files to create reports and correlate security events.
Possesses an understanding of the TCP/IP protocol suite, security architecture, and remote access security techniques/products.
Experience with enterprise anti-virus solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns.
Have strong technical support skills for client systems.
Experience in scripting languages such as Python, PowerShell, Bash, etc.
Candidates must have an understanding of incident response methodologies and technologies.
Strong understanding of web attacks including but not limited to XSS, SQL Injection, command injection, and the ability to analyze and differentiate malicious web traffic from legitimate traffic
Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, and interact with associates.
Research background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis.
Willingness to serve as a member of an Incident Response Team (IRT) and respond to emergency calls during non-business hours, as needed.
Ensure the confidentiality, availability, and integrity of security operations data sources.
Candidate must be able to react quickly, decisively, and deliberately in high stress situations.
Highly motivated individual with the ability to self-start, prioritize, and multi-task
Will be required to support the day-to-day operations of security controls within the following areas: whitelisting, mobile security, web filtering, Windows, VMware, compliance monitoring and application reviews
Ensure proper metrics, analysis, and reporting for continuous process improvement.
Demonstrated capabilities in compliance-related disciplines, specifically:
Payment Card Industry Standard
Experience with State Security and Breach Regulations for Personally Identifiable Information.
Equivalent Work Experience
CISSP desired (Certified Information Systems Security Professional)
CISA desired (Certified Information Systems Auditor)
GIAC certifications desired