IT Cyber Security Principal Analyst

IT Cyber Security Principal Analyst

HIGHLIGHTS
Location: Chandler, AZ 85224 (Hybrid)Â
Position Type: Direct Hire
Residency Status: US Citizen or Green Card Holder ONLY Â

Overview:

The IT Cyber Security Principal Analyst with our client is responsible for protecting the company's information systems and networks from cyber threats. Key duties include proactive threat hunting, monitoring, detecting, analyzing, and responding to security incidents, managing multi-vendor security tools, and implementing preventive measures. The role also involves developing security strategies to enhance the company's security posture and requires close collaboration with IT teams, management, and other stakeholders to maintain a robust and compliant cybersecurity framework.

Key Responsibilities:

• Utilize the latest threat intelligence to detect emerging threats.
• Enhance team efficiency by identifying tuning opportunities, creating automation playbooks, and optimizing technology use.
• Review and provide technical advice on tuning recommendations to improve security posture.
• Serve as an escalation point for process and technical advice.
• Conduct quality audits on incident tickets to ensure compliance with processes.
• Conduct detailed investigations of security alerts, including those escalated by Level 1/2 SOC Analysts.
• Analyze technical details to determine whether an anomaly is a potential security threat.
• Manage incidents and response processes, ensuring timely and accurate resolution.
• Perform advanced analysis of incidents, evaluating their sophistication and potential impact.
• Provide technical guidance to Level 1/2 Analysts to help resolve complex incidents.
• Ensure the quality of reports and maintain high standards of accuracy in incident management.
• Lead teams or sub-teams as needed.
• Provide on-call support for high-priority or high-severity incidents.
• Ensure balanced capacity and workforce for 24/7 SOC service delivery.
• Assist in generating raw data for KPIs, submit calculations, record results, and recommend quality performance measures.
• Deliver training to enhance the skills of new and existing team members.
• Contribute to SOC playbooks and knowledgebase with findings from investigations to inform future responses.

Requirements/Qualifications:

• Bachelor’s degree in Computer Science, Information Assurance, Information Security Systems, or a related field.
• Minimum of 7 years of experience in a Cyber Security role in medium to large business and/or previous MSP experience.
• Highly desirable certifications: CompTIA SEC+, CYSA+, or similar credentials.
• Relevant system and network certifications (e.g., A+, Network+, CCNA).

Technical Skills:

• Understanding of network and endpoint security solutions, including firewalls, proxies, antivirus, and IDS/IPS concepts.
• Proficient in networking protocols/technologies (e.g., TCP, IP,
• Experience with SIEM, UEBA, and EDR.
• Proficiency in OSINT techniques and tools (e.g., Maltego, Shodan, SpiderFoot) for threat hunting.
• Advanced knowledge of Unix, Linux, and Windows operating systems.
• Experience with attack and penetration testing methodologies and vulnerability assessment tools (e.g., Metasploit, Burp Suite,Nmap, Nessus, Qualys).
• Ability to build scripts, tools, or methodologies to enhance incident investigation and processes (e.g., Python, PowerShell,Wireshark).
• Knowledgeable with Web application security.
• Possesses a strong understanding of AI applications in threat detection and response, with experience in leveraging AI and machine learning algorithms to enhance security measures and automate threat analysis. Emphasizes the importance of understanding fundamental principles and not relying solely on AI.

Investigation and Analysis Skills:

• Advanced investigation techniques, including:
• Network forensic acquisition and analysis (e.g., Wireshark, PacketTracer, Open Source Tools).
• Endpoint forensic acquisition and analysis (e.g., EnCase, X-Ways, Axiom, IEF, FTK).
• Memory analysis.
• Analysis of various security logs (e.g., endpoint, security appliances, SIEM, Windows event, syslog).
• Reverse malware engineering.
• Email header analysis.
• Vulnerability report analysis and remediation.

Communication and Leadership:

• Strong verbal and written communication skills, with the ability to write structured reports.
• Comfortable leading investigations and communicating with stakeholders and colleagues on both technical and non-technical levels.
• Strong sense of personal responsibility for learning and self-development.

 "We are GTN – The Go To Network"