Author: Andrew Hay
Security/Log Analyst Opening at Q1 Labs Inc.
Position: Security Analyst
The Security analyst will be responsible for providing expertise with analysis of a variety of security and network technologies in order to integrate these 3rd party products with our technology. The candidate will need working knowledge categorizing logs and extending the information from these devices to correlate information about potential vulnerabilities etc. Working within a small team, the successful candidate must have a strong work ethic, the ability to work as part of a team, and work within a fast-paced and dynamic environment.
Requirements:
• Have experience with a variety of security and network technologies, applications, operating systems, and databases. Knowledge of how all of these devices work and communicate within a networked environment is essential.
• Strong scripting skills
• System and application development experience a plus
• Understanding of log transport protocols (syslog, snmp, etc)
• Bachelor and/or Masters Degree in a related field or an equivalent combination of education and experience.
Responsibilities:
• Work closely with product management and the integration team to identify, categorize and correlate events from a variety of devices.
• Continuously monitor vendor websites, discussion forums, and technical publications to identify new products and updates.
• Match device events to known vulnerabilities.
• Maintain a collection of sample logs, attributes, documentation and configurations from third party devices and implement a database to share that information with other members of the organization.
• Work with the team to improve the product quality and processes.
• Identify new rules and reports to identify important events within and across networked devices.
Required Skill Set:
• At least 4 years experience in system administration or IT Security field.
• Experience with Perl and Java
• Experience working within a Linux environment
• Flexible, able to adapt to changing requirements, scope, and schedule.
Please send me an email if you’re interested at andrewsmhay(shift-2)gmail.com.
Andrew Hay, Now With 100% More CISSP
If you couldn’t guess by the title of this blog post, I have indeed passed by CISSP certification exam (phew). I always reserve my judgement on the usefulness of particular certifications until I actually sit down and attempt them (unlike some people in the industry — you know who you are). Was it worth it? I believe it was. Due to the scope of the exam I forced myself to learn aspects of security that I had neither the reason, nor the desire, to understand. I feel that I have grown as a security professional because of my studies and hope that I can help others with the things that I have learned.
I’d like to give a shout out those people (you know who you are) who either helped me or reassured me that I would succeed. Thanks everyone!
Invited to Contribute to The Encyclopedia of Information Assurance
My friend and colleague Rebecca Herold has graciously invited me to contribute a section on Detective Controls: Effectively Using Logs to her upcoming book, the Encyclopedia of Information Assurance (AUERBACH, ISBN 1420066757). I have humbly accepted and look forward to contributing to what sounds like a fantastic resource for the security community.