TekStream Security Analyst 1

Primary day-to-day job duties involve reviewing alerts from Splunk SIEM and/or SOAR products and coordinating response from the TekStream SIEM implementation.

Role Responsibilities
1. Responsible for the first line of security incident coordination and response
2. Investigation initiation for suspected security incidents
3. Monitoring of security events and alerts received from Splunk/Splunk SOAR
4. Managing end-user-reported incidents according to established run books and policies
5. Initial event triage
6. Initial ticketing (TekStream Jira)
7. Escalation of incidents of critical or high priority
8. Daily report generation (turnover, activity, incident)
9. Forensic artifact handling & analysis
10. Insider threat case support

Skill Requirements
• 1 year of work experience with a Bachelor’s or Advanced Degree
• Strong understanding and/or proven hands-on experience in security and SIEM-related concepts such as intrusion analysis and incident response.
• Experience with Unix and Windows systems.
• Knowledge and understanding of network protocols and devices.
• Demonstrable problem-solving and analytical skills, and attention to detail.
• Ability to handle high-pressure situations in a productive and professional manner.
• Understanding of incident investigation, handling, and response, including incident documentation.
• Ability to communicate effectively in English, verbally and in writing.

Optional (preferred)
• Demonstrable background in a Security Operations Centre (SOC) is ideal.
• Packet and log analysis.
• Familiarity with scripting (Bash, Python, JavaScript).
• Preferred certifications include: CISSP, Security+, Network+, CEH, RHCSA, RHCE, MCSA, MCP, or MCSE.
• Experience in database administration or developing apps leveraging SQL (Oracle, MySQL/SQL, DB2).
• OS and/or network system administration skills and concepts around network configuration, segmentation, and firewalls.
• Anti-Virus, Network Access Control, Encryption, Vulnerability Id