Cyber Security Operations Analyst - Cyber Security & TSOC

This position is within FirstEnergy Service Co., a subsidiary of FirstEnergy Corp.

This position’s base reporting location is in Wadsworth Township, Ohio with significant flexible work location opportunities. This position is within FirstEnergy’s IT Security Operations and reports to the Manager of Transmission Security Operations Center (TSOC) .

Preferred work location is Wadsworth, OH.

The ability to work remotely within the United States may be available based on business need. This option is not available in the states of California, Colorado, Illinois, Kentucky, Massachusetts, Montana, Nebraska, New York, Oregon or Washington at this time.

The IT Security Analyst position supports security information, incident response, forensics, threat intelligence, and event monitoring functions utilizing FirstEnergy’s Security Information and Event Management (SIEM) tool, open-sourced tools, forensic tools, threat intelligence platform (TIP), Security Orchestration, Automation and Response (SOAR) platform, and big data solutions. This role focuses primarily on monitoring the events and logs from FirstEnergy’s Information Technology, Cyber Security and Physical Security data feeds and building out analytics based on adversarial behaviors. If activity is picked up through monitoring processes, this role requires the technical expertise to investigate the scenario appropriately. The ability to work independently as well as within groups is essential to this role. Sensitivity to accuracy, timeliness, and professionalism in all areas of support activity is imperative.

Responsibilities Include

Perform daily monitoring and investigative activities while on shift either days or nights

Assist with processing cases that require forensics to validate findings, produce threat intelligence, or fulfill an HR/Legal request

Process different threat reports for value and potential content development, as well as keeping up with the current/relevant threat landscape

Provide continuous feedback on opportunities to enhance current processes and content, assisting to implement those changes

Assist with engineering data to enhance analytical capabilities based on structure, enrichments, and linking between other data sets

Research new capabilities from both open and closed sourced technologies to find opportunities to enhance the Security Operation Center (SOC) ecosystem

Provide documentation for cases and forensic reports

Maintain current knowledge of relevant technology as assigned

Assist with metrics, reporting, and other SOC communications

Process and share information with other FirstEnergy security teams

Assist or lead projects designated by the SOC team

Qualifications

Associates Degree in Computer Science, Information Security, or similar discipline with a minimum of 5-7 years professional experience in a cyber or related IT function . Bachelor’s Degree preferred

Demonstrable subject matter expert knowledge in multiple major security technology systems or areas is required

Master level knowledge of relevant work experiences

Related experience includes but is not limited to: SOC (Security Operations Center) experience, IT Security experience in detection, triage, investigation, and remediation of security incidents within a network

Demonstrate strong communication skills, both verbal and written

Demonstrate creative problem solving and solutioning

Ability to work effectively, independently and within a team environment

Ability to handle, protect and preserve highly confidential information

Ability to learn independently and from others

Ability to find answers effectively using open-sourced information

Understanding of programming/scripting code (Python, PowerShell, Bash), to interpret its functionality

Understanding of both Linux and Windows operating systems

Understanding of networking concepts and technologies

Understanding of adversarial techniques (i.e., MITRE ATT&CK framework)

Basic understanding of statistics

Must be organized and comfortable with ongoing changes in priorities

Must be able to work independently with minimal supervision