Security Operations Analyst
Company: Venable LLP
Location: Baltimore, MD 21215
Description:
You're looking for a change, and so are we. At Venable, we know that every new hire brings valuable experience, new perspectives, and a chance to raise the bar on our approach to how we work. That's why we're looking for a Security Operations Analyst to join our firm.
The Security Operations Analyst will perform several functions within the Information Security team. Primary responsibilities will include monitoring, triaging, and documenting security events; investigating and containing incidents; and writing after action reports.
The ideal candidate will be responsible for...
- Monitor security systems, such as firewalls, endpoint detection and response (EDR) systems, cloud access security broker (CASB), and security information and event management (SIEM) tools. Identify potential security incidents, investigate alerts, and provide incident response when needed.
- Investigate, analyze, and respond to security incidents and breaches. Coordinate with internal teams, stakeholders, and external parties, if necessary, to manage incidents from detection to resolution. Provide subject matter guidance on incident containment, eradication, and recovery.
- Collaborate with infrastructure and application teams to manage vulnerability scanning and remediation processes. Perform vulnerability assessments and assist in developing strategies to address identified vulnerabilities.
- Characterize and analyze host, network, and cloud logs and activity to identify anomalous activity and potential threats to resources.
The successful candidate will demonstrate...
- Bachelor's degree in Information/Cyber Security, Information Systems or Computer Science (or technical discipline), or an equivalent combination of education and experience
- 3+ years of experience performing security operations
- Experience searching and extracting log data from Splunk preferred
- Preferred certifications: Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), and/or other relevant certifications
- Knowledge of computer networking concepts and protocols, and network security methodologies
- Knowledge of Incident Response within Cloud Environments (e.g., Azure, AWS)
- Knowledge of Incident Response within SaaS Applications (e.g., M365)
- Knowledge of forensic artifacts typically found in Windows and Linux operating systems
- Knowledge of incident response and handling methodologies
Pay Range for Candidates in Washington, DC:
$110,000 - $115,000 per year
Pay Range for Candidates in Baltimore:
$115,000 - $120,000 per year
The range provided is the minimum and maximum salary that Venable in good faith believes at the time of this posting that it is willing to pay for the advertised position. Exact compensation will be determined based on individual candidate qualifications and location.
Committing your time and talent is no small matter. At Venable, we know that superior client service begins with an investment in our people. Our competitive compensation, robust benefits, and programs that support our employees' well-being, families, and futures reflect our dedication to prioritizing the whole person, not just the professional.
Venable's benefits package includes medical, dental, vision, disability, life insurance, flexible spending and healthcare savings accounts, 401(k) with firm profit share, paid time off, firm paid holidays, wellness and personal advocacy programs, family planning resources and leave programs, tuition reimbursement, and more. New employees are provided a detailed orientation to the firm's benefit offerings upon hire.
Here, we strive to offer the kind of care that radiates, from our colleagues to our clients, to our communities, so that success finds everyone.
Education and Experience Requirements:
- Bachelor's degree in Information/Cyber Security, Information Systems or Computer Science (or technical discipline), or an equivalent combination of education and experience
- Preferred certifications: Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), and/or other relevant certifications
- A minimum of 3 years of experience performing security operations and performing network analysis
- Experience searching and extracting log data from Splunk preferred
Knowledge Requirements:
- Knowledge of computer networking concepts and protocols, and network security methodologies
- Knowledge of Incident Response within Cloud Environments (e.g., Azure, AWS)
- Knowledge of IT security principles
- Knowledge of IT threats and vulnerabilities
- Knowledge of database systems
- Knowledge of Digital Forensics analysis
- Knowledge of forensic artifacts typically found in Windows and Linux operating systems
- Knowledge of host/network access control mechanisms (e.g., access control list)
- Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins
- Knowledge of incident response and handling methodologies
- Knowledge of IT security principles and firm requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies
- Knowledge of operating systems including Windows, Linux and Mac
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
- Knowledge of basic system administration, network, cloud, and operating system hardening techniques
Skill Requirements:
- Skill in using diverse logging and host analysis to correlate and make determinations about successful and unsuccessful attacks
- Skill in identifying, capturing, containing, and reporting malware
- Skill in collecting data from a variety of IT security resources
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks
- Skill in using security event correlation tools
Other Requirements:
- Strong focus on client service and responsiveness to external and internal involved parties
- Strong focus on managing priorities, meeting deadlines, and collaborating with team members across the firm
- Effective verbal and written communication skills to compose outgoing notifications, technology communications, and executive level reporting and summaries
- Basic understanding of programming/scripting languages (e.g., Python, PowerShell) is a plus
- Strong analytical and problem-solving skills
- Ability to work effectively both independently and in a team environment
Physical Requirements:
- Work is mainly sedentary