Information Security Analyst III - WUIT - Digital Forensics and Incident Response
Washington University in St. Louis
Location: St. Louis, Missouri
Internal Number: JR65729
The Security Analyst III, handles proactively defending, detecting, and eliminating security threats at Washington University in St. Louis. This position requires senior level skills and experience with tactics, techniques, and procedures commonly found in the MITRE ATT&CK matrix. Seeking a self-motivated, curious minded individual with a passion for protecting users, securing infrastructure, and discovering indicators of compromise.
Potential for after hours or weekend contact to respond to critical security incident.
Primary Duties and Responsibilities
Hunt through vast amounts of log data looking for malicious activity using Splunk.
Regularly evaluate, update, and normalize logging sources from multiple departments and external security providers.
Handle incidents using standard Incident Response practices.
Regularly meet with architecture, engineering, and operations teams to provide security best practices and influence the adoption of new standards and procedures.
Develop Splunk apps, scripts, and automation tools to streamline detection, alerting, and remediation capabilities.
Evaluate, remediate, and respond to tickets, email, and phishing support requests.
Evaluate and recommend changes or additions to security tools e.g., honeypots, black hole router, canary tokens, etc.Â
Maintain up-to-date knowledge of tools, log sources, and IR best-practices to deal with evolving threat actors.
Work with IT organizations to analyze and remove malicious software across multiple platforms (Windows, Linux, macOS, mobile).
Produce dashboards, reports and metrics concerning incidents and their posture. Identify trends and make security recommendations to leadership.
Provide escalation and technical leadership capabilities to help with complex security threats.
Perform other duties as assigned.
5-8 years of professional experience in information security or related IT experience.
SANS (GIAC), ISC2 (SSCP / CCSP), or other security related certification or equivalent experience.
Passion for researching and solving unfamiliar complex technical problems.
In-depth experience with logging platforms e.g., Splunk, Elastic, or Humio.
Expert knowledge of Microsoft Windows platforms, security hardening, Active Directory authentication, and logging capabilities.
Working knowledge of macOS and Linux operating systems and logging capabilities.
Expert understanding of common tactics and techniques, such as those documented in the MITRE ATT&CK knowledge base.
Experience using penetration testing platforms e.g., Kali Linux to understand and test common threat techniques.
Experience using EDR/XDR products e.g., CrowdStrike, Cisco Secure Endpoint, Microsoft Defender to investigate threats and perform triage activities.
Advanced knowledge of common Internet protocols and services e.g., tcp, udp, dns, http, https, smtp, ssl, ssh, rdp, smb, sql, etc.
Understand how to use and interpret packet analyzer tools like Wireshark and tcpdump.
Advanced knowledge of cloud provider services and logging capabilities e.g., Azure, Amazon, and Google.
Experience with networking technologies e.g., subnetting, IP allocations, BGP, firewalls, VPNs.
Aptitude for patience, professionalism, tactfulness, and empathy.
Strong team-oriented interpersonal skills; ability to effectively work with a wide variety of people.
Strong written and oral communication skills.
Ability to work independently with limited supervision.
Bachelorâ™s degree plus three years of related experience or equivalent combination of education and experience.
$75,400.00 - $132,800.00 / AnnuallyThe salary range reflects base salaries paid for positions in a given job grade across the University. Individual rates within the range will be determined by factors including one's qualifications and performance, equity with others in the department, market rates for positions within the same grade and department budget.
All external candidates receiving an offer for employment will be required to submit to pre-employment screening for this position. The screenings will include criminal background check and, as applicable for the position, other background checks, drug screen, an employment and education or licensure/certification verification, physical examination, certain vaccinations and/or governmental registry checks. All offers are contingent upon successful completion of required screening.
Washington University in St. Louis is committed to providing a comprehensive and competitive benefits package to our employees. Benefits eligibility is subject to employment status, full-time equivalent (FTE) workload, and weekly standard hours. Please visit our website at https://hr.wustl.edu/benefits/ to view a summary of benefits.
Washington University is an equal opportunity and affirmative action employer. All qualified applicants will receive consideration without regard to an individualâ™s sex, race, color, religion, age, disability status, protected veteran status, national or ethnic origin, gender identity or expression, sexual orientation. Women, minorities, protected veterans and the disabled are strongly encouraged to apply.
Washington University is dedicated to building a diverse community of individuals who are committed to contributing to an inclusive environment â“ fostering respect for all and welcoming individuals from diverse backgrounds, experiences and perspectives. Individuals with a commitment to these values are encouraged to apply.
When you are ready to apply, creating an account only takes a minute. Your account creates a candidate home page which we will use to communicate with you and allows you to apply for jobs and view your application statuses. The first page of the application offers two âœQuick Applyâ options. Quick Apply allows you to either use a previous application or create a new application using a resume to populate the work experience and education sections of your job application. If using a resume to populate your application, check to ensure the application fields populated accurately. You may skip the âœQuick Applyâ page by clicking âœNextâ at the bottom of the page. Documents may be uploaded in the My Experience section of the application. You also have the option to apply with a Linkedin feature, which allows you to apply by using your Linkedin profile to populate some of the job application fields.
Washington University in St. Louis, a medium-sized, independent university, is dedicated to challenging its faculty and students alike to seek new knowledge and greater understanding of an ever-changing, multicultural world. The University offers more than 90 programs and almost 1,500 courses leading to bachelor's, master's and doctoral degrees in a broad spectrum of traditional and interdisciplinary fields, with additional opportunities for minor concentrations and individualized programs. The faculty is composed of scholars, scientists, artists and members of the learned professions. They serve society by teaching; by adding to the store of human art, creativity, understanding, and wisdom; and by providing direct services, such as health care.