Cybersecurity Analyst

Description

DOT Security’s mission is to improve the security posture of client organizations by providing detection, response, risk management, and compliance services as identified and required. DOT Security will implement processes, technology, and subject matter expert personnel to monitor and respond to client needs in the cybersecurity and compliance space. Working with client organizations, DOT Security will continuously measure and improve internal processes and technology, which will translate to improved services provided to the client.

DOT Security is seeking team members who are passionate about Cybersecurity, detailed-oriented, desire for continuous learning, and enjoys working in a collaborative environment. We provide our employees with a career progression path, that challenges our team to grow as cybersecurity professionals with strong cybersecurity skills. As a member of DOT Security, you will get the opportunity to work from a brand-new, state of the art Security Operations Center (SOC) facility.

What you will be doing:

As a Core Cybersecurity Analyst, you’ll be on the front lines of defense, working with a highly motivated team that is focused on analyzing, developing, and delivering solutions to stop adversaries. You will be responsible for diligently working on alerts from various defensive security systems/tools (e.g. IDS alerts, firewall, and network logs) to analyze and determine if the alerts represents a threat.

This is an on-site position working out of the DOT Security - Security Operations Center in Mettawa, IL.

What Do Cybersecurity Analysts Do? | A Day in the Life

Responsibilities

• Threat Monitoring & Analysis
• Monitor, analyze, and proactively hunt for threats by investigating real-time alerts from SIEM and other security tools.
• Evaluate and investigate network traffic, interpret logs, and analyze packet captures to detect signs of adversary activity that may not trigger automated alerts.
• Perform event correlation using information gathered from various sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
• Document investigation findings and analysis actions to effectively communicate information to both internal and external stakeholders.
  

Proactive Threat Hunting & Intelligence

• Conduct intelligence-driven threat hunting to identify indicators of compromise (IOCs) and adversary tactics, techniques, and procedures (TTPs).
• Determine and analyze intrusion sets, uncovering weaknesses exploited, exploitation methods, and system impact.
• Investigate phishing emails and perform threat-hunting analysis to identify potential phishing campaigns and emerging attack vectors.
  
  

Incident Detection & Response

• Provide timely detection, investigation, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse incidents while distinguishing these threats from benign activities.
• Evaluate and escalate events and incidents based on established escalation procedures, playbooks, and intelligence gathered from proactive threat-hunting efforts.
• Tune security tools for blocking, reporting, and proactive detection based on customers’ business needs and evolving threat landscapes.
  
  

Security Enhancement & Continuous Improvement

• Contribute to projects that enhance the security posture of customer environments by leveraging insights from both reactive incident response and proactive threat hunting.
• Develop and refine detection rules, automation playbooks, and security policies to improve threat detection and response capabilities.
  
  

Things We Are Looking For

• Core Skills & Abilities:
• Strong critical thinking and problem-solving skills
• Strong written and verbal communication skills, with the ability to effectively communicate to non-technical stakeholders
  

Cybersecurity Knowledge & Threat Awareness:

• Knowledge of current threats and vulnerabilities
• Experience working with and applying the MITRE ATT&CK framework

• Understanding of system and application security threats, including:
• Buffer overflow
• Mobile code
• Cross-site scripting (XSS)
• PL/SQL injections
• Race conditions
• Covert channels
• Replay attacks
• Return-oriented attacks
• Malicious code
  

Network & Security Infrastructure Expertise:

• Understanding of network traffic flows, including:
• Transmission Control Protocol (TCP) & Internet Protocol (IP)
• Open System Interconnection (OSI) Model
• IT Infrastructure Library (ITIL) framework
  
  

• Experience with IT security principles & methods, such as:
• Firewalls
• Demilitarized zones (DMZ)
• Virtual Private Networks (VPN)
• Encryption algorithms
  

Technical & Hands-On Experience:

• Hands-on experience with Security Information and Event Management (SIEM) platforms or log management systems
• Experience in an IT Infrastructure focused role such as Systems Administrator, Network Administrator, Systems Engineer, Network Engineer, or similar.
• Ability to analyze malware
  
  

Education:

• Bachelor's degree in Computer Science, Information Security, Information Technology, or Cybersecurity (college degrees may be substituted for three years of relevant work experience)
• Master’s degree or four years of relevant work experience
  
  

Certifications:

• A Core Cybersecurity Analyst should have at minimum one of the following certifications:
• CompTIA Security
• CompTIA Cysa
• A Core Cybersecurity Analyst with the following certification is highly preferred:
• TCM Security – PSAA (Practical SOC Analyst Associate)
• ECTHP (Certified Threat Hunting Professional)
• BTL1 (Blue Team Level 1)
  

Benefits

• Up to 20 days of PTO
• Up to 7 Paid Sick Days
• 12 paid holidays
• Paid Parental Leave
• Comprehensive Health, Disability Life, Dental and Vision Plans
• 401(K) & retirement plans
• Tenure incentives at 5- (Tiffany & Co. Gift Card), 10- (Rolex watch), and 20- ($20,000 check) year mark(s)
• Continued education reimbursement
• On-going training & development opportunities
  
  

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. At DOT Security, compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current salary range is $90,000-$110,000.