Information Security Analyst

Description:

Information Security Analyst III

 Work Place Flexibility:  Hybrid

 Legal Entity:  Entergy Services, Inc.-ESI (OLD)

Preferred location for this role is The Woodlands, TX or Little Rock, AR; however, New Orleans, LA and Jackson, MS will also be considered. *** 
This position will be filled as an Information Security Analyst III, depending on the candidate’s experience and education. *** 

Job Summary/Purpose

The Consolidated Security Operations Center Analyst will report to the Supervisor of CSOC and will manage day-to-day tasks as noted below, with additional projects as they arise. The Analyst to join our dynamic team with the Cybersecurity Organization at Entergy will have curiosity, critical thinking, analysis background and security background. This position will play a critical role in safeguarding our infrastructure and ensuring the integrity of our operations. The analyst will be responsible for investigating and responding to security incidents, understanding, and mitigating attack vectors, and staying abreast of the evolving threat landscape. They will also be able to lead junior analysts and assist in maturing the security program.

The ideal candidate is detail oriented, a problem solver with critical thinking skills, and focused on process improvement.

Job Duties/Responsibilities

 Understanding of digital evidence and forensic analysis.
 Assist in continuously improving the existing daily operational and incident response procedures and playbooks.
 Identify automation opportunities to improve capabilities.
 Identify problematic trends and take proactive steps to mitigate negative impacts to customer base.
 Conduct investigations and understand security incidents, including but not limited to, malware infections, phishing attempts, and unauthorized access attempts.
 Analyze and understand various attack vectors used by threat actors to compromise systems and data.
 Monitor and assess the threat landscape to identify emerging threats and vulnerabilities relevant to our environment.
 Knowledge of using SIEM tools with possible areas of development and upkeep of detections
 Maintain understanding of the various threats and risks related to utility workforce, energy providers and/or NERC/CIP.
 Monitor and participate in training and exercises to ensure CSOC team proficiency.
 Participate in post-incident reviews to identify lessons learned and best practices.
 Ability to work in network investigations to identify and mitigate potential security risks and intrusions.
 Knowledge in Cloud (SaaS, IaaS, PaaS) Industrial Control Systems (ICS) and Operational Technology (OT) to protect critical infrastructure and operational assets.
 Collaborate with cross-functional teams to understand security controls and measures to enhance our overall security posture.
 Understand cloud security monitoring and support improvements for maturity posture.
 Understand and recommend incident response process, procedures and playbooks to ensure effective and efficient response to security incidents.
 Support the threat hunting team to identify gaps of coverage and make recommendations on use cases for monitoring.
 Understand MITRE Framework, identify TTPs and identify patterns and threat actors focused to the industry.
 Provide timely and accurate reports on security incidents, trends, and metrics to stakeholders and management.
 Available to travel up to 25%

MINIMUM REQUIREMENTS Minimum Education Required Of The Position.

 Typically requires an associate’s degree or university degree in related field (i.e. Cybersecurity, Information security, criminal justice, computer science, etc.) or the equivalent work experience.

Minimum Experience Required Of The Position

Information Security Analyst III:

 5+ years of cyber security experience, across multiple disciplines (playbook development, incident response, threat hunting, monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering data analytics, application security, database security, risk management, project management, physical security, etc.) experience can be substituted with education as follows:
Bachelor’s degree in cybersecurity and 3+ years of experience
 3 years of hands-on experience working with Security Incident and Event Management, incident response in a SOC environment with a structured after-hours process
 Hands-on experience working with Security Information Event Management (SIEM), event and incident investigations and incident response in a 24/7 SOC environment
 Ability to work effectively with team members and with customers
 Knowledge of various attack vectors, threat intelligence sources, and the cybersecurity threat landscape.
 Experience to include some of the following: access control, CCTV, network investigations, intrusion detection systems (IDS), and/or security information and event management (SIEM) tools.
 Understanding of Cloud (SaaS, IaaS, PaaS), Industrial Control Systems (ICS) and Operational Technology (OT) security principles and best practices.
 Understanding of cloud environment for security principles and best practices
 Provide guidance and mentorship to others in cyber threat analysis and operations.
 Proactively identify possible threats, security gaps and vulnerabilities