Job Opportunities in Our Portfolio

Security Analyst

Foresite

IT
Arkansas, USA
Posted on Friday, March 15, 2024

Foresite delivers a range of managed security, and cyber consulting & compliance solutions through strategic channel partnerships serving more than 400 customers globally. These unique and flexible solutions offer businesses innovative ways to address the liabilities of today’s complex security and compliance requirements. Our professionals, long experienced and highly knowledgeable in IT management and security, apply their expertise to providing superior product performance and unparalleled customer service through Foresite’s proprietary ProVision platform. Foresite is headquartered in Overland Park KS, with Operation Centers in Kansas City and Farnborough, UK.

Position Summary:

Foresite is seeking enthusiastic and motivated individuals to provide Managed Security Services for our valued customers operating all over the world. This is an opportunity for a rewarding career in the rapidly growing Information Security industry. The Security Analyst will demonstrate the capacity to consistently meet and exceed client expectations, representing and reinforcing the Foresite brand through positive interaction with other teams within the company. The analyst performs deep-dive investigations into security threats using Foresite's proprietary SIEM tool. The position consists of monitoring real-time event data, keeping abreast of intelligence from the IT security community, government/law-enforcement, and other industry sources, and operating 24/7/365 within our Overland Park, Kansas Security Operations Center (SOC). Shift work will be required to cover 24/7/365 operation. Successful candidates will be able to demonstrate a foundational understanding of IP Networking, Routing & Switching, and System Administration, and must possess a genuine passion for Information Security.

Responsibilities:

• Research and develop mitigation strategies to address the evolution of security trends and threat landscapes.

• Analyze security event data from customer computing platforms, network elements, and security devices.

• Input customer data, perform system/network inventory, configuration management, operational ticket submission, request tracking, and problem resolution.

• Provide frontline customer support and incident notification.

• Generate and maintain operational processes and training documentation.

• Provide input to constantly improve our products and services to add value for our customers.

• Build relationships with clients, developers, stakeholders, and security champions, to incorporate security principles into engineering design and deployments.

• Regularly research and learn new tactics, techniques, and procedures (TTPs), and work with clients and colleagues to assess risk and implement/validate controls.

• Perform hands-on maintenance, upgrades, testing, and/or implementation of security appliance configuration changes.

• Evaluate existing SIEM queries, reports and dashboards to make recommendations on changes of events being monitored.

• Other duties as assigned.

Qualifications:

• 2-5 years of progressively in-depth IT security experience.

• Relevant training in System Administration, Networking, and/or Security. Certifications equivalent to CompTIA Security+ and Network+ are preferred.

• Ability to demonstrate a foundational knowledge of IP networking, Routing & Switching, System Administration, and Information Security.

• Experience writing detections/alerts, and/or automated or manual runbooks.

• Advanced understanding of networking concepts and ability to analyze network artifacts.

• Experience with "threat hunting," i.e., using threat intel to proactively and iteratively investigate potential risks and find suspicious behavior in the network.

• Knowledge of attacker methodologies and techniques.

• Understand the MITRE ATT&CK framework and other cyber kill chains.

• Knowledge of cloud services such as Google Cloud, AWS, and Azure.

• Genuine passion for Information Security.

• Current firewall, EDR, and SIEM experience and/or vendor certifications would be a distinct advantage.

Skills:

• Ability to think and act strategically and proactively.

• Strong knowledge of cybersecurity technologies including cloud, firewalls, intrusion detection and prevention systems, data loss prevention systems, and vulnerability management tools.

• Professional demeanor and strong work ethic.

• Strong written communication skills including the ability to develop process documentation or guidelines for technical staff.

• Strong verbal communication and collaboration skills including the ability to work with both technical and non-technical customers/peers to research and resolve problems.

• Advanced knowledge of at least one leading SIEM platform (Sentinel, Splunk, Elastic, IBM QRadar, Chronicle, etc.).

• Ability to apply critical thinking and logic to a wide range of intellectual and practical problems.

• Ability to maintain composure under pressure and work calmly during an emergency.

Start building your career in the fastest-growing and most highly sought-after IT skill set in the workforce today.