At Nouryon, we are committed to developing essential solutions for a sustainable future, and to our talented team who makes it all possible. We have an exciting opportunity to join our Information Security Specialist team in Houston as a Sr. Security Analyst and IR Specialist. In this role, you will work with our cyber security service providers to monitor network security systems and identify potential cybersecurity threats, provide support during security incidents, act as policy advisor, review incidents and work with various vendors and internal groups to improve security operations.
If you are seeking an opportunity to join a growing, dynamic organization in a highly visible, crucial role, we urge you to read below to learn how you can make an immediate impact with Nouryon!
Primary Responsibilities:
- Monitoring and identifying cybersecurity/information technology-related incidents that involve enterprise systems and data including personally identifiable information (PII).
- Creating cybersecurity reporting metrics, dashboards and scorecards and detecting, investigating, and reporting cybersecurity incidents.
- Helping improve the overall security posture by independently verifying the security of enterprise systems, and ensuring the timely dissemination of security information to the appropriate stakeholders.
- Analyzing firewall logs, full packet capture (PCAP), IDS alerts, anti-malware alerts, Host Intrusion Prevention System (HIPS) alerts, and server and application logs to investigate events and incidents for anomalous activity and produce reports of findings.
- Collaborating with SaaS support partners to ensure processes and controls are operating as designed and partners are providing effective incident response.
- Conducting reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, Orchestrator logs, and malicious code to identify, contain, eradicate, and ensure recovery from incidents.
- Developing and maintaining playbooks to help analysts respond to cyber threats.
Education & Experience:
- 5 or more years of technical experience in the Information Security field
- At least one of the following certifications is preferred, but not required: CISSP, CEH, or one of the SANS certifications GCIH, GCFE, GCFA, GREM, GPEN, GWAPT or GXPN.
- Experience writing, reviewing and editing cyber-related intelligence/assessment products from multiple sources
- Experience triaging security events using a variety of tools, including QRadar, in a security operations environment.
- Experience with packet flow, TCP/UDP traffic, firewall technologies, IDS technologies (e.g., Snort rules), proxy technologies, and antivirus, spam and spyware solutions.
- Experience conducting incident response activities and seeing incidents through to successful remediation.
- Experience with a programming/scripting language such as Python, Perl or similar.
Knowledge, Skills & Abilities:
- Proven ability to accurately and completely source all data used in intelligence, assessment, and/or planning products.
- Deep knowledge of computer networking concepts and protocols, network security methodologies and network security architecture concepts including topology, protocols, components, and principles.
- Deep knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
- Demonstrated understanding of network traffic analysis methods including packet-level analysis.
- Demonstrated understanding of malware analysis concepts and methodologies.
- Demonstrated ability to employ incident handling methodologies.
- Deep knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- High proficiency with common cybersecurity management frameworks, regulatory requirements and industry-leading practices.