Uniti is a premier insurgent fiber provider dedicated to enabling mission-critical connectivity across the United States.
With a steadfast commitment to customer service, operational excellence, and superior network capabilities, Uniti builds, operates and delivers critical fiber-based communications services to connect and empower people and businesses.
_________________________________________________________
About the Role:
The Security Analyst III performs third-tier incident response and analysis, as well as proactive research, data mining, baselining, and profiling, to support development and refinement of Infrastructure, Architecture, SIEM, and other monitoring, alerting, and information management services.
What You'll Do:
- Provide a third (and last) tier escalation point for customer-impacting security event analysis and investigation, assisting other Analysts with prompt, effective resolution of issues.
- Follow established identity assurance and access control procedures to guarantee the confidentiality and integrity of our customers' sensitive data.
- Maintain currency and fluency in news, events, technologies, platforms, tools, and concepts across all domains of Information Security, and of how these things impact Uniti, the CSOC, and its customers.
- Develop and implement both reactive and proactive research activities, as well as tools and techniques, to leverage production-scale volumes of security event data to extend and refine existing SIEM content, network baselines, detection protocols, mitigation activities, and response methodologies.
- Work in concert with CSOC's Senior Engineer to assure that log collection, event correlation, attack detection, and mitigation/response tools, techniques, and methodologies are effectively and efficiently maintained and implemented and keep pace with the constantly-evolving threat landscape.
- Maintain currency in CSOC and Uniti product and service offerings, as well as support objectives and requirements thereof.
- Provide on-call presence to ensure continuity of operations outside of normal business hours.
- Address technical issues, event analysis, and deep investigations escalated from junior Analysts and Engineers, synthesizing internal and external resources as needed to reach resolution.
- Collect, assess, and integrate new and developing security news and threat and vulnerability data from sources across the professional sphere, using this intelligence to continually develop and refine CSOC's technology, process, and policy for the good of our customers.
- Proactively analyze and creatively model existing event data to detect new threats or compromises, to develop new or improved baselines and detection heuristics, and to establish and refine baselines and behavioral forecasts to support continual improvement of existing detection, mitigation, and response patterns.
- Work closely with the Senior Engineer and CSOC Leadership to suggest and implement technical changes, process improvements, and content/asset enhancements based on research and experimental findings.
- Coordinate with Engineers and vendor entities, as appropriate, to identify, isolate, and remediate workflow-impacting and/or service-impacting issues as they arise and, where appropriate, participate in the preparation of work procedures to remedy them.
- Collect and analyze operational data and develop procedural documentation in response to business needs or to address emergent technical or security issues.
- Rigorously and accurately document all work carried out in response to customer issues to assure consistency, transparency, validity, and auditability of all troubleshooting efforts undertaken.
Work Complexity: The Security Analyst III will be tasked with a complex and diverse array of responsibilities across a number of skill domains. Effective discharge of his/her responsibilities will require:
- An advanced-to-expert knowledge and comfort level across all areas of data networking, from carrier-level distribution to common LAN service deployment patterns
- Exceptional familiarity with the deployment, configuration, and troubleshooting of perimeter security appliances and security event monitoring services/products into diverse data environments in a secure, compliant, and maintainable manner
- Effective project management and general leadership capabilities, with the ability to carry out long-range and open-ended initiatives with minimal oversight, to engage diverse resources inside and outside of Uniti as needed, and to serve in all interactions as an exemplar of Uniti's and of CSOC's core principles of professionalism and service
- The ability to prioritize and multitask deeply across several problem domains with competing and frequently changing requirements and deadlines
- The ability to swiftly and efficiently integrate and synthesize a wide range of requirements, data sources, regulations, restrictions, and customer needs to generate effective and acceptable solutions to problems and to integrate new tools, technologies, processes, and procedures into an existing solution/workflow
Do You Have?
- 3-5 years advanced network traffic flow configuration/debugging/troubleshooting experience in general LAN and WAN environments, to include SDWAN
- 3-4 years configuring and troubleshooting basic to advanced firewall installations, including IPsec terminations, UTM, identity-based policy controls, etc.
- 3+ years advanced-level experience implementing perimeter firewalls, UTM platforms, and SIEM technologies
- 2-3 years' experience with network security monitoring, event correlation, and traffic analysis technologies, with an emphasis on event detection
- A high level of motivation, including the ability to be a self-starter
- Experience authoring and/or editing technical documentation in a professional setting
- Exceptional communication skills (written and verbal) and experience in a customer-facing service role
- Familiarity with general information security policy frameworks, best-practice guidelines (e.g., ISO/IEC 27000 series, NIST 800 series, DoD 5200, ITIL, etc.) and an understanding of the application of these and other operating principles to production workflows
- Moderate or better proficiency with packet-level traffic analysis (Wireshark, tcpdump, etc.)
- Ability to carry out troubleshooting and traffic analysis operations from one host to another, across arbitrary interconnecting networks/media, and through all intervening levels and scales of network architecture
- Familiarity with various log generation, delivery, and retention mechanisms, as well as common log data formats (syslog, CEF)
- Familiarity with a wide range of common end-host and network infrastructure data security vulnerabilities, common exploits, bad actor behavior patterns, etc.
- Ability to identify networks whose operation intersects with regulatory frameworks such as PCI-DSS, HIPAA, etc.
Even Better:
- Inclination toward self-study and continuing education preferred
- Vendor-specific certifications (NSE4, NSE5, CCNA, CCNP, etc.)
- Preference given to information-security-specific certifications (CISSP, GSEC/GCED, CEH, etc.) and a degree in a technical discipline
Minimum Requirements:
4-6 years technical experience with 5+ years directly related to the job. College hours or a college degree may be substituted for some experience as deemed appropriate.
Physical Tasks - Standing: Occasionally: 0-33% | Walking: Occasionally: 0-33% | Sitting and Stationary: Continuously: 67-100% | Bending: Occasionally: 0-33% | Crouching: Occasionally: 0-33% | Carrying: Occasionally: 0-33% | Reaching: Occasionally: 0-33% | Lifting - Lowering >1-15 lbs: Occasionally: 0-33% | Repetitive Hand Action: Medium Dexterity: Continuously: 67-100% | Fine Manipulating: Frequently: 34-66%
Audio Visual Needs - Hearing: Continuously: 67-100% | Near Vision: Continuously: 67-100% | Far Vision: Occasionally: 0-33% | Peripheral Vision: Occasionally: 0-33%
Equipment Used in Job Performance: Computer, Printer, Fax, Telephone, Basic Office Supplies, Copier
_________________________________________________________
Our Benefits:
- Medical, Dental, Vision Insurance Plans
- 401K Plan
- Health & Flexible Savings Account
- Life and AD&D, Spousal Life, Child Life Insurance Plans
- Educational Assistance Plan
Uniti is an equal opportunity employer. At Uniti, we celebrate the authenticity and uniqueness of our people and their ideas. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, genetic information, protected veteran status, current military status, disability, sexual orientation, marital status, creed, citizenship status, or any other status protected by law, and Uniti gives full consideration to qualified disabled individuals and protected veterans.
Actual base pay for this job will depend on the candidate's primary work location and other factors, such as relevant skills and experience.
Notice to Non-U.S. Citizens: Uniti, as a holder of licenses granted by the Federal Communications Commission, is required to notify and to obtain approval from federal regulatory agencies prior to granting certain system/network access to any non-U.S. citizen personnel. Offers of employment extended to non-U.S. citizens are contingent upon receiving the requisite approval from agencies overseeing compliance. Non-U.S. citizens are required to provide Uniti with the personal identifying information required to obtain the necessary approval prior to accessing certain systems and/or Uniti's network. If you are not a U.S. citizen, please notify your recruiter or email CORP.HRlegal@uniti.com as soon as possible for information on Uniti's foreign personnel disclosure and approval requirements.
Notice to Applicants: Depending on the position and its job functions, offers of employment may be contingent upon successful completion of certain pre-employment screenings, including but not limited to drug-screen, motor vehicle records check, or other pre-employment screening. All such screenings will be conducted by an external third-party with the Candidate's written consent and in accordance with federal and state law. Refusal to authorize or submit to a required pre-employment screening may disqualify the candidate from employment. Any misrepresentation during the application or interview process may result in denial of employment, withdrawal of offer, or termination.