Senior Security Operations Analyst
Company: Venable LLP
Location: Washington, DC 20011
Description:
You're looking for a change, and so are we. At Venable, we know that every new hire brings valuable experience, new perspectives, and a chance to raise the bar on our approach to how we work. That's why we're looking for a Senior Security Operations Analyst to join our firm.
The Senior Security Operations Analyst will perform several functions within the Information Security team, playing a critical role in protecting our organization's information systems and data from security threats. The Senior Security Operations Analyst will lead the monitoring, analysis, and response to security incidents, while also providing guidance and support to junior analysts. This is a senior-level position that requires strong technical expertise in security operations, incident response, and threat detection.
The ideal candidate will be responsible for...
- Monitoring security systems, such as firewalls, endpoint detection and response (EDR) systems, cloud access security broker (CASB) and security information and event management (SIEM) tools; identifying potential security incidents, investigating alerts, and providing incident response when needed.
- Leading the investigation, analysis, and response to security incidents and breaches. Coordinating with internal teams, stakeholders, and external parties, if necessary, to manage incidents from detection to resolution. Providing expert guidance on incident containment, eradication, and recovery.
- Characterizing and analyzing host, network, and cloud logs and activity to identify anomalous activity and potential threats to resources.
- Writing and distributing after action reports that provide security recommendations to prevent similar incidents in the future.
- Utilizing SIEM tools, such as Splunk, and EDR tools to enhance monitoring capabilities and improve the security posture of the current environment.
The successful candidate will demonstrate...
- Bachelor's degree in Information/Cyber Security, Information Systems or Computer Science (or technical discipline), or an equivalent combination of education and experience
- 5+ years of experience performing security operations
- 2+ years of experience with forensic data acquisition
- 2+ years of experience performing host analysis and/or digital forensics on Windows and Linux operating systems
- 2+ years of experience performing network analysis
- Experience searching and extracting log data from Splunk preferred
- Preferred certifications: Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), and/or other relevant certifications.
- Knowledge of computer networking concepts and protocols, and network security methodologies
- Knowledge of Incident Response within Cloud Environments (e.g., Azure, AWS)
- Knowledge of Incident Response within SaaS Applications (e.g., M365)
- Knowledge of forensic artifacts typically found in Windows and Linux operating systems
- Knowledge of incident response and handling methodologies
Pay Range for Candidates in Washington, DC:
$114,000 - $145,000 per year
Pay Range for Candidates in Baltimore:
$109,000 - $140,000 per year
The range provided is the minimum and maximum salary that Venable in good faith believes at the time of this posting that it is willing to pay for the advertised position. Exact compensation will be determined based on individual candidate qualifications and location.
Committing your time and talent is no small matter; at Venable, we know that superior client service begins with an investment in our people. Our competitive compensation, robust benefits, and programs that support our employees' well-being, families, and futures reflect our dedication to prioritizing the whole person, not just the professional.
Venable's benefits package includes medical, dental, vision, disability, life insurance, flexible spending and healthcare savings accounts, 401(k) with firm profit share, paid time off, firm paid holidays, wellness and personal advocacy programs, family planning resources and leave programs, tuition reimbursement, and more. New employees are provided a detailed orientation to the firm's benefit offerings upon hire.
Here, we strive to offer the kind of care that radiates, from our colleagues to our clients, to our communities, so that success finds everyone.
Education and Experience Requirements
- Bachelor's degree in Information/Cyber Security, Information Systems or Computer Science (or technical discipline), or an equivalent combination of education and experience
- A minimum of 5 years of experience performing security operations
- A minimum of 2 years of experience with forensic data acquisition
- A minimum of 2 years of experience performing host analysis and/or digital forensics on Windows and Linux operating systems
- A minimum of 2 years of experience performing network analysis
- Experience searching and extracting log data from Splunk preferred
- Preferred certifications: Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), and/or other relevant certifications.
Knowledge Requirements:
- Knowledge of computer networking concepts and protocols, and network security methodologies
- Knowledge of IT security principles
- Knowledge of Incident Response within Cloud Environments (e.g., Azure, AWS)
- Knowledge of Incident Response within SaaS Applications (e.g., M365)
- Knowledge of IT threats and vulnerabilities
- Knowledge of database systems
- Knowledge of Digital Forensics analysis
- Knowledge of Digital Forensics best practices
- Knowledge of forensic artifacts typically found in Windows and Linux operating systems
- Knowledge of Memory Analysis
- Knowledge of host/network access control mechanisms (e.g., access control list)
- Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins
- Knowledge of incident response and handling methodologies
- Knowledge of IT security principles and firm requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies
- Knowledge of network traffic analysis methods
- Knowledge of operating systems including Windows, Linux and Mac
- Knowledge of operating system command line including Windows, Linux and Mac
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
- Knowledge of the common networking protocols (e.g., TCP/IP), services (e.g., web, mail, Domain Name Server), and how they interact to provide network communications
- Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities
- Knowledge of common network tools (e.g., ping, traceroute, nslookup)
- Knowledge of basic system administration, network, and operating system hardening techniques
- Knowledge of Windows/Unix ports and services
Skill Requirements:
- Skill in using diverse logging and host analysis to correlate and make determinations about successful and unsuccessful attacks
- Skill of identifying, capturing, containing, and reporting malware
- Skill in collecting data from a variety of IT security resources
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks
- Skill in using security event correlation tools
Other Requirements
- Strong focus on client service and responsiveness to external and internal involved parties
- Strong focus on managing priorities, meeting deadlines, and collaborating with team members across the firm
- Effective verbal and written communication skills to compose outgoing notifications, technology communications, and executive level reporting and summaries
- Basic understanding of programming/scripting languages (e.g., Python, PowerShell) is a plus.
- Strong analytical and problem-solving skills.
- Ability to work effectively both independently and in a team environment.
- Ability to exercise discretion and independent judgment in the performance of responsibilities
Physical Requirements
- Work is mainly sedentary