Threat Detection & Response (TDR) Analyst
Atlanta, Georgia  


We have a Contract To Hire position for "Threat Detection & Response (TDR) Analyst" with one of our direct clients in Atlanta, Georgia for initial contract duration of  3+ months. No third party candidates considered for this position. US citizens and all those authorized to work in the US are encouraged to apply.

Job Description

Our Client , we take security seriously. After all, we’re in the business of connecting people to the things they do and love through our products, services, and technologies. Each of those delivery platforms depends on top-tier security, so we only enlist the best in the business to help protect our data and technology.  And monitoring and responding to cyber threats is important, high stakes work.

Our Client is looking for a Threat Detection and Response (TDR) Analyst who will tackle those responsibilities for our network & systems, as well as collecting and analyzing threat intelligence, performing security monitoring activities, and conducting incident responses, while reporting directly to our Senior Manager of Threat Detection.

It’s a job that requires some serious business knowledge and strong capabilities in technology and security. If you’re looking for this kind of challenge, keep reading.  We’ll tell you more about what you’ll do, and what experience you’ll need to have, as well as what you can expect from us.

What You’ll Do :

  • Monitor Client networks, systems, and information assets for security events, so you can detect cyber incidents and minimize their impact to the organization.
  • Detect and respond to incidents using SIEM, behavioral analytics, and network analysis.
  • Analyze log files from a variety of sources to ID potential threats to network security.
  • You’ll document and escalate cyber incidents that may cause ongoing and immediate impact to the environment.
  • Be responsive, so you can mitigate the impact of cybersecurity incidents on the Client environment.
  • Update scenario-based procedures, classifications, techniques, and guidance as required.
  • Perform incident triage, making recommendations that allow for rapid remediation.
  • Track and document cybersecurity incidents from first detection until final resolution.
  • Keep up with the latest trends in threat intelligence, security monitoring and incident response, and collect data from subscription and open-source feeds.
  • Have an eye on changes in threat dispositions, activities, tactics, capabilities, objectives as related to designated cyber operations warning problem sets and report on these issues regularly.
  • Operate in a proactive threat intelligence and active defense program to collect and analyze threat intelligence data, then you’ll incorporate that information so decisions can be made at operational and strategic levels.

What’s In It For You?

Really good question, and we have some good answers that we hope you like.

We want you to feel cared for and respected (like you do with our customers), and that starts with Client highly competitive pay and other compensation perks (401k + company matching, comprehensive medical benefits, etc.).  We also offer free Internet and other Client discounted services, tuition reimbursement for academic pursuits, adoption assistance, paid time off to volunteer, childcare and eldercare resources, pet insurance and much more.

Good work should be rewarded, and not just with a healthy paycheck.  The Client culture is one that values people more than technology, so it’s our goal to make sure you feel recognized for your contributions.  It’s also important to work alongside colleagues who “get you.”  At Client, you’ll find a workplace where relationships are crafted with care and successes are celebrated with high fives. We strive to create an environment where you can do you, and everyone from leadership to new hires can support and feel supported.

Growth is a good thing, and you’ll have opportunities to learn and train so you can sharpen your skills and explore opportunities across the Client family of businesses that will continue to challenge and empower you. In the future, you may have the opportunity to cultivate customer relationships in other sectors where we operate like cleantech, health care and new forms of transportation mobility. 

Required Skills

Qualifications:

Who You Are :

As you’ve seen, this job requires someone who is at the top of their security game.  Because it’s such a critical role, there are more than a few requirements that will assure you’re on track for this opportunity:

  • 3+ years of technical experience in the Information Security field
  • Experience writing, reviewing and editing cyber-related intelligence/assessment products from multiple sources
  • Experience triaging security events using a variety of tools including QRADAR in a security operations environment
  • Experience with packet flow, TCP/UDP traffic, firewall technologies, IDS technologies (e.g., Snort rules), proxy technologies, and antivirus, spam and spyware solutions
  • Familiarity with conduct incident response activities and see incidents through to successful remediation
  • Experience with a programming/scripting language such as Python, Perl or similar, and rock solid when it comes to sourcing data used in intelligence, assessment and/or planning products, and are always thorough and accurate
  • Borderline guru when it comes to computer networking concepts and protocols, and network security methodologies
  • Deep knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions, and a solid understanding of network traffic analysis methods including packet-level analysis
  • Experience with network security architecture concepts including topology, protocols, components, and principles
  • Good understanding of cyber-attack stages, as well as malware analysis concepts and methodologies and can confidently employ incident handling methodologies
  • Proficiency with common cybersecurity management frameworks, regulatory requirements and industry leading practices
  • At least one of the following certifications (or you will obtain one within your first 12 months of employment): CISSP, CEH and/or the following SANS certifications: GCIH, GCFE, GCFA, GREM, GPEN, GWAPT, GXPN are preferred, but not required.
  • On top of all this expertise, you also show up with a some super strong skillsets, including process execution, time management and organizational skills, as well as an admirable work ethic, leadership skills, initiative and ownership of work
  • Ability to communicate in a confident and well-organized manner, whether that’s verbal, written, and/or visual communications

Preferred Skills

  • BS in Computer Science, Information Systems, Engineering, or a similar field.
  • Experience with endpoint security agents (Carbon Black, Crowdstrike, etc. as well as network forensics and associated toolsets, (Suricata, WireShark, PCAP, tcpdump, etc.) and analysis techniques.
  • Experience with host-based detection and prevention suites (Microsoft SCEP, OSSEC, etc.)
  • Understanding of log collection and aggregation techniques, Elastic Search, Logstash, Kibana (ELK), syslog-NG, Windows Event Forwarding (WEF), etc.

 

(For Candidate use only)

   
 

Maximum file size 5mb (doc/docx/pdf/rtf)