Security Analyst

As a Security Analyst at ANS, your primary responsibilities will include triaging and investigating security incidents using Microsoft Sentinel, tuning alerts, and managing security technologies. You'll also communicate with clients during incidents and assist with on-boarding them into Managed XDR services. It’s a comprehensive role that dives deep into monitoring SOC alerts, conducting compromise investigations, and reviewing vulnerability scans to provide effective remediation advice.

To excel as a Security Analyst at ANS, you should have previous security engineering or operations experience, ideally within another Managed Security Service Provider (MSSP). Knowledge of Microsoft Sentinel, Microsoft Defender, and cloud technologies is crucial. Familiarity with Linux and Windows operating systems, incident response, network defense principles, and secure development practices are also essential.

ANS is dedicated to your career growth as a Security Analyst. We offer comprehensive support for professional development, including paid study leave to complete relevant certifications. This commitment ensures you keep up with industry standards and advances in cybersecurity, enhancing your career trajectory within the ever-evolving tech landscape.

Yes, the Security Analyst role at ANS includes shift work, which can involve night shifts to ensure that our Security Operations Center runs smoothly 24/7/365. This schedule allows us to provide uninterrupted protection for our clients from cyber threats.

The culture at ANS is inclusive, dynamic, and passionate. We encourage our Security Analysts to bring their authentic selves to work and to innovate fearlessly. With a focus on openness, teamwork, and personal well-being, we create a safe space for employees to thrive while driving our mission of keeping clients secure.

When triaging security incidents, I prioritize incidents based on severity, potential impact, and available context. I rely on tools like Microsoft Sentinel to gather data and analyze alerts quickly, ensuring a response is timely and effective.

For tuning security alerts, I analyze the false positive rates and adjust thresholds to minimize unnecessary alerts. Collaborating with my team, we regularly review alert patterns and trends to refine our alerting rules for maximum efficiency.

I have hands-on experience using Microsoft Sentinel for security incident management, including configuring workbooks, integrating third-party data sources, and using analytics to detect and respond to threats. This enables me to leverage its full potential in mitigating risks.

I am familiar with various incident response methodologies, including NIST's Cybersecurity Framework, which emphasizes preparation, detection, containment, eradication, recovery, and post-incident analysis. This structured approach aids in efficient incident management.

To stay updated on security threats, I regularly engage in professional networks, attend industry conferences, follow cybersecurity news outlets, and participate in relevant online forums. Continuous learning is crucial in this field.

During incidents, I prioritize transparent communication with clients, providing timely updates and technical details. I ensure that they feel informed and reassured, guiding them through our response and any necessary actions they should take.

I assess vulnerabilities using a combination of automated tools and manual analysis. I review system configurations, conduct penetration tests, and interpret vulnerability scan results to identify risks and recommend remediation steps.

The OWASP Top 10 is a vital resource outlining the most critical web application security risks. I use this guide to help inform secure development practices and educate clients about potential vulnerabilities they should mitigate.

A Security Analyst plays a fundamental role as a threat defender, collaborating with different teams to ensure robust security measures. We are not only technical experts but also educators, guiding teams and clients on security best practices.

I prioritize tasks in a fast-paced SOC by assessing the urgency and severity of alerts. I maintain an organized workflow system that allows me to effectively address high-priority incidents first, while ensuring that less critical tasks are efficiently processed without neglect.