Summary: Perform front-line, accurate and precise real-time monitoring and analysis of correlated logs and alerts from a multitude of security devices, as well as of network traffic, with a focus on determining whether those events constitute security incidents. Work closely with Tier 1 analysts and serve as their point of escalation.
- Assist in the development and maintenance of security monitoring and incident response services, including but not limited to network event analysis, host event analysis and email analysis
- Monitor ticketing queue and support Tier 1 analysts in performing their duties
- Triage security events as they come in, both as a first-level analyst and as an escalation point
- Peer review Tier 1 work products for completeness and accuracy; mentor Tier 1 analysts on opportunities to improve
- Lead and remediate simple security incidents
- Support complex security incidents as directed by the Incident Response Coordination Team
- Perform proactive, hunting-style activities to identify and baseline the environment. Record findings to build a comprehensive body of knowledge around normal behaviors. Develop detection rules based on interesting findings so that Tier 1 analysts and peers can repeat the detection activities.
- Support the management team on activities, as directed, to improve the security monitoring and incident response services
- Bachelor's degree in Computer or Software Engineering, Computer Science, Information Management, Information Science or a related technical field preferred
- 4+ years of experience working in information security or information technology roles
- Demonstrated ability to interact with business and technical audiences across all levels of an organization
- Strong time management skills and experience handling multiple initiatives with competing priorities
- Strong analytical and technical skills
- Experience working in a security operations center environment highly desired
- In-depth knowledge of common internet protocols (e.g., DNS, HTTP)
- In-depth knowledge of common information security threats at all OSI layers
- Security knowledge across multiple security domains and technologies (e.g., operating systems, databases, networking, applications, identity and access management)
- Strong knowledge of and experience working in Windows and Linux environments
- Experience working with APIs (e.g., SOAP, RESTful)
- Experience working with common data formats (e.g., CSV, XML, JSON, Syslog, CEF)
- Ability to develop custom scripts using common scripting languages (e.g., Python, PowerShell, VBA)
- Experience programming in object-oriented languages (e.g., C++, C#, Java) preferred
- Possession of industry certifications highly preferred, including but not limited to Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH) and Offensive Security Certified Professional (OSCP)
Global Payments Inc. is an equal opportunity employer.
Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. Those applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of the Human Resources Department.