Security Information and Event Management (SIEM) Analyst

Summary of the Role:

The SIEM Analyst is responsible for the security analysis, incident classification and incident response actions including notification and alerting. Monitors for possible security incidents, using knowledge of attack types and standard protocol behavior to classify incidents, comment, and provide advice on mitigation or remedial actions to the client.

As an SIEM analyst, you will also be responsible for Technical Escalation Point during security incidents, establishing the extent of an attack, the business impacts, and advising on how best to contain the incident along with advice on systems hardening and mitigation measures to prevent a re-occurrence.

 

General Duties and Objectives

  • Perform daily system monitoring and reviewing of log data on the SIEM, build searches, check for alarms, drill down through log sources, identify event logs, events and alerts.
  • Run phishing campaign email
  • Check suspicious attachments or emails reported by employees
  • Check and resolve basic antivirus alerts.
  • Develop and maintain installation and configuration procedures.
  • Assist in the repair and recover from hardware or software failures.

About the Ideal Candidate

  • 4-6 years of experience analyzing malicious traffic and building detections
  • 4-6 years of experience in applications security, network security, systems security
  • Hands on knowledge on programming languages, like Python
  • Customer-facing platform implementation experience, including use case development, assessment, planning, execution, and operations
  • Should have sound/good technical knowledge in SIEM platform components and applications
  • Should have experience on tools and technologies expected: SIEM, UEBA, NTA, EDR, AV/AM, SOAR

Cybersecurity, Audit and Compliance Analyst

Summary of the Role:

The Cybersecurity, Audit and Compliance Analyst is responsible for working with databrackets’ clients in several capacities, including but not limited to:

  • reviewing compliance and Cybersecurity posture;
  • Drafting and delivering technical reports;
  • drafting security policies and procedures;
  • Building maturity models, creating business proposals;
  • delivering a host of technical and business-centric documentation and work products.

As an analyst, You will also be responsible for managing projects, drafting work products, executing Governance, Risk & Compliance (GRC) engagements, and ensuring that databrackets’ clients meet their compliance, privacy, and/or security requirements.

 

General Duties and Objectives

  • Perform analysis and trending (reports, dashboards, status, etc.) on internal or external progress or events affecting clients’ information security.
  • Engage with clients to understand technical process steps, identify risks, and drive toward completed documentation that aligns with the various programs.
  • Manage client meetings, including ensuring all data requests, timing and schedules, and contact points are defined.
  • Prepare client deliverables utilizing excellent analytical, writing, and presentation skills.
  • Research regulations by reviewing regulatory bulletins and other sources of information.
  • Prepare management reports.
  • Consult with leadership to improve control efficiencies and operating effectiveness.
  • Partner with key client stakeholders to obtain and review compliance to support technical ISO, SOC 2, and other certification/attestation requirements.
  • Support the completion of the annual HIPAA, NYDFS, ISO, NIST, COSO, or other clients’ attestations.
  • Manage key compliance milestones for critical systems and complex processes.
  • Ensure that all IT policies and procedures are documented and updated according to regulatory standards, deadlines are met, approvals obtained, guidelines followed, repository usage understood, and that the repository or system of record is up to date defined by the IT Governance program.
  • Coordinate various GRC repository system improvement projects and activities to enhance the system of record and maintain effective process controls.
  • Develop and maintain risk registers and design self-assessments to help identify risks.
  • Serve as an escalation point to track and follow up on risk events.

 

About the Ideal Candidate

  • University degree in Computer Science, Information Technology or equivalent
  • 2 to 3 years of IT audit experience.
  • BS/MS Degree in Computer Science or related field and/or 5 years of experience in Information Security or Assurance, Privacy, Forensics or IT Audit preferred.
  • CISA, CISM, CIPP, CIA, SANS GIAC, CISSP, and/or other cybersecurity-related certifications recommended. Security certifications such as GSNA, GCCC, CISSP, or other related certifications.
  • Excellent written and verbal communication skills.
  • Knowledge of IT controls, risk assessments, and the design and testing of security measures.
  • Understanding of technical audit processes.
  • Understanding of Cyber and Information Security and how to align client initiatives with the company’s business objectives.
  • Demonstrated success in a client-facing service role.
  • Familiarity with a variety of technologies, operating systems, databases, and reporting and data analytics tools.
  • Key Security Framework Background: Understand cybersecurity frameworks and implement or adapt to an organization’s security program to become certified. Such frameworks include ISO 27001/2; NIST Security frameworks including CSF, 800-171, 800-53, 800-37,  FEDRAMP.
  • Key Compliance Background: Understand how to review control design from policy to procedure to evidence. Have experience in making improvement recommendations and remediating control design.
  • Familiarity with data governance and privacy regulations: GLBA, NYDFS, Subject matter expertise related to:
    • SSAE 18 / SOC 1 / SOC 2
    • IT risk assessment / operational IT audit
    • IT general controls
    • COBIT framework

Cybersecurity, Audit and Compliance Analyst

Summary of the Role:

The Cybersecurity, Audit and Compliance Analyst is responsible for working with databrackets’ clients in several capacities, including but not limited to:

  • reviewing compliance and Cybersecurity posture;
  • Drafting and delivering technical reports;
  • drafting security policies and procedures;
  • Building maturity models, creating business proposals;
  • delivering a host of technical and business-centric documentation and work products.

As an analyst, You will also be responsible for managing projects, drafting work products, executing Governance, Risk & Compliance (GRC) engagements, and ensuring that databrackets’ clients meet their compliance, privacy, and/or security requirements.

 

General Duties and Objectives

  • Perform analysis and trending (reports, dashboards, status, etc.) on internal or external progress or events affecting clients’ information security.
  • Engage with clients to understand technical process steps, identify risks, and drive toward completed documentation that aligns with the various programs.
  • Manage client meetings, including ensuring all data requests, timing and schedules, and contact points are defined.
  • Prepare client deliverables utilizing excellent analytical, writing, and presentation skills.
  • Research regulations by reviewing regulatory bulletins and other sources of information.
  • Prepare management reports.
  • Consult with leadership to improve control efficiencies and operating effectiveness.
  • Partner with key client stakeholders to obtain and review compliance to support technical ISO, SOC 2, and other certification/attestation requirements.
  • Support the completion of the annual HIPAA, NYDFS, ISO, NIST, COSO, or other clients’ attestations.
  • Manage key compliance milestones for critical systems and complex processes.
  • Ensure that all IT policies and procedures are documented and updated according to regulatory standards, deadlines are met, approvals obtained, guidelines followed, repository usage understood, and that the repository or system of record is up to date defined by the IT Governance program.
  • Coordinate various GRC repository system improvement projects and activities to enhance the system of record and maintain effective process controls.
  • Develop and maintain risk registers and design self-assessments to help identify risks.
  • Serve as an escalation point to track and follow up on risk events.

 

About the Ideal Candidate

  • University degree in Computer Science, Information Technology or equivalent
  • 2 to 3 years of IT audit experience.
  • BS/MS Degree in Computer Science or related field and/or 5 years of experience in Information Security or Assurance, Privacy, Forensics or IT Audit preferred.
  • CISA, CISM, CIPP, CIA, SANS GIAC, CISSP, and/or other cybersecurity-related certifications recommended. Security certifications such as GSNA, GCCC, CISSP, or other related certifications.
  • Excellent written and verbal communication skills.
  • Knowledge of IT controls, risk assessments, and the design and testing of security measures.
  • Understanding of technical audit processes.
  • Understanding of Cyber and Information Security and how to align client initiatives with the company’s business objectives.
  • Demonstrated success in a client-facing service role.
  • Familiarity with a variety of technologies, operating systems, databases, and reporting and data analytics tools.
  • Key Security Framework Background: Understand cybersecurity frameworks and implement or adapt to an organization’s security program to become certified. Such frameworks include ISO 27001/2; NIST Security frameworks including CSF, 800-171, 800-53, 800-37,  FEDRAMP.
  • Key Compliance Background: Understand how to review control design from policy to procedure to evidence. Have experience in making improvement recommendations and remediating control design.
  • Familiarity with data governance and privacy regulations: GLBA, NYDFS, Subject matter expertise related to:
    • SSAE 18 / SOC 1 / SOC 2
    • IT risk assessment / operational IT audit
    • IT general controls
    • COBIT framework