
    SecOps Analyst - Burlington, United States - Open Approach

    Open Approach Burlington, United States

    4 weeks ago

    Description


    SECOPS ANALYST

    Open Approach is Growing Again

    WHO WE ARE

    We are a client-focused, values-driven company that provides comprehensive technical support for organizations of all sizes and types here in New England and beyond. We support a wide variety of technologies for our clients, and prioritize our clients' needs and best interests over our own sales numbers.

    As such, we are not a sales-driven organization. Rather, we let sound and reasonable decision-making drive our bottom line. This translates into long-term relationships with our clients that are rewarding on many levels, not the least of which is a high degree of personal interaction that enhances the enjoyment of our work and our success.

    Open Approach is committed to cultivating and preserving a culture of inclusion and connectedness. The collective sum of the individual differences, innovation, knowledge, self-expression, and talent that our employees invest in their work represents our culture. We welcome the unique contributions that you can bring in terms of education, opinions, culture, ethnicity, race, sex, gender identity and expression, nation of origin, age, languages spoken, veteran's status, color, religion, disability, sexual orientation, and beliefs.

    THE IDEAL CANDIDATE

    We are looking for an enthusiastic, empathetic, personable, self-driven individual undeterred by the challenges that come with working in a small but growing tech company. Day-to-day tasks can vary significantly. As a Security Operations Analyst, you play a crucial role in ensuring the safety and security of our company and our clients. You will be responsible for monitoring and analyzing security systems and data, identifying and responding to security incidents, and ensuring the overall integrity and confidentiality of our clients' systems and data.

    On a typical day, you will be monitoring and analyzing security alerts and data, investigating potential incidents, and responding in a timely and effective manner. You will need to be able to work collaboratively with other teams to resolve complex security issues, communicating clearly to both technical and non-technical stakeholders.

    Your role, however, is not just about technical analysis and incident response. It's also about building relationships with our customers and demonstrating a commitment to their security and privacy. You'll be empowered to and responsible for going above and beyond to ensure that our customers feel safe and secure in their interactions with us.

    A successful candidate for this position, above all, will closely reflect the values that we have built this company upon: honesty, integrity, and an ambition to continually improve every aspect of our work.

    While we seek applicants who have studied computer science of one sort or another, we are primarily interested in a range of qualities and aptitudes that we know shape the right person for this position.

    Specifically, these attributes of interest would include aspects such as:

    • The ability to communicate effectively both verbally and in writing
    • An empathetic disposition
    • Deep technical aptitude and interest
    • Detail-oriented and highly organized
    • Natural curiosity
    • A "self-starting" level of motivation and initiative
    • A sense of humor
    • Patience

    As you can see, we are not looking for just anyone. If you are the right person, yet don't have all the Cyber Security foundation (some are definitely still needed), we're happy to train you, guide you, and help you succeed.

    THE SPECIFICS OF THE JOB

    RESPONSIBILITIES:

    • Administration of Security Awareness and Phishing testing
    • Implementation and administration of Privileged Access Management system for our clients
    • SIEM alert triage and investigation. Modify alerts and metrics as needed.
    • Review alerts and suspicious activity reported by our EDR
    • Review vulnerabilities and create remediation plans for vulnerability scanning
    • Working with our HelpDesk for any security-related escalations or questions
    • Create documentation to share your personal experience and knowledge with others, internal and client-facing
    • Be willing to take ownership of an issue, seeing it through from beginning to end
    • Help improve quality, service efficiency, and service effectiveness


    JOB REQUIREMENTS:

    • Technical Aptitude: An understanding of security technologies, including firewalls, intrusion detection and prevention systems, endpoint protection, and other security-related tools.
    • Analytical Skills: The ability to analyze security events and incidents and to identify potential security threats or vulnerabilities.
    • Attention to Detail: The ability to pay close attention to details, ensuring that security incidents are properly investigated and resolved.
    • Standards: Uphold our operational and security standards and have a keen eye to seek out and identify where our standards are not met.
    • Continuous Learning: The willingness to learn and stay up-to-date with emerging security technologies, trends, and best practices is essential for staying current and developing a successful career in this role.
    • Time Management: The ability to manage time effectively and to prioritize tasks according to urgency and importance, ensuring that security incidents are addressed in a timely and efficient manner.
    • Documentation and Repeatable Processes: Maintaining and communicating standards, change management, and establishing repeatable processes are very important in the Security Operations team.

    PREFERRED SKILLS (Not All 'll get the opportunity to learn them):

    Active Directory

    • Demonstrable understanding of Active Directory Users and Computers, namely around object types and their uses, and how they can be used to create secure environments.
    • Understanding of Group Policy and how it ties into an Active Directory environment, including creating, scoping, and assigning policies.
    • Understanding the difference between on-premises and Azure-based Active Directory.

    Virtualization

    • Familiarity with virtualization technologies, such as Hyper-V, VMWare, VirtualBox, and Windows Sandbox, and how they can be leveraged while troubleshooting a security incident or policy deployment.

    Networking

    • General understanding of networking concepts (DHCP, DNS, Routing) is needed to understand how security applies at the networking layer.
    • Familiarity with remote access methodologies, such as SSL and IPSec VPNs, and a general sense of how users can access company resources remotely.
    • Basic understanding of secure network architecture and design principles, including network segmentation and access control.

    Firewalls

    • General understanding of what a firewall is, how it operates, how policies can be used to filter traffic, and how they can be configured to enhance the security of an environment.

    DNS

    • Differences between private and public DNS.
    • Knowledge of record types and their purpose: A, CNAME, SPF, DKIM, MX, TXT
    • Understanding of how to troubleshoot and identify DNS and resolution issues, including the use of command line tools to find responding servers and lookup zones.

    Microsoft 365 & Intune

    • Understanding of mail flow and its relation to spam filtering and email security platforms.
    • Understanding the concepts of Mobile Device Management and how those policies can be used to secure both corporate and personal devices.
    • Familiarity with Conditional Access concepts, named locations, policy creation, and reporting.
    • Familiarity with Azure Authentication Methods, policies, and registration events.
    • Familiarity with Risky Users and Sign-Ins assessment and reporting.

    Cybersecurity Tools and Technologies

    • Understanding of security tools such as firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, security information and event management (SIEM), and vulnerability scanners.
    • Experience in analyzing security alerts and incidents, identifying security threats and risks, and providing recommendations for mitigation.
    • Understanding of security testing methodologies such as penetration testing, vulnerability assessment, and risk assessment.
    • Basic understanding of cryptographic concepts such as encryption, decryption, digital signatures, and certificates.

    Frameworks and Regulations

    • Understanding of security frameworks such as NIST, CIS, and ISO.

    Incident Response

    • Basic experience with incident response processes and procedures, including triage, containment, investigation, and recovery.

    If you are applying for this position as a remote role, we require at least 2-3 years of Tech Support and deep and wide experience, preferably with an MSP. Life in an MSP requires very deep and wide tech knowledge and can be overwhelming for those who do not have the foundation needed. We want this to be the right fit for you.

    If you are local, we will accelerate the learning curve with you in the office.

    BENEFITS

    We offer a number of benefits including:

    • A generous monthly contribution toward company-provided health, dental, and/or vision care
    • Company-sponsored Life Insurance and STD/LTD, as well as Worker's Comp
    • 401k matching (4% starting day 1)
    • 16 days of starting PTO (20 days on your 1-year anniversary), plus Holidays
    • Fully paid Parental leave
    • Smartphone replacement and plan coverage for On-Call employees
    • Free snacks, coffee, and a weekly company lunch (for in-office teammates)
    • A pet-friendly office

    HOW NOT TO APPLY

    • Forget to write a good cover letter so that we have no way of knowing how articulate you really are
    • Include a lot of grammatical and structural errors in your cover letter and resume
    • Hide your personality so we can't tell a thing about you, other than you are highly efficient in Microsoft Word

    Thanks for your interest. Best of luck to you in your search for meaningful work.

    Learn more about us at

