Intrusion Detection Analyst II
Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
We are looking for a security analyst to join the Intrusion Prevention Operations (IPO) team. This is an opportunity to contribute to a highly visible security operations function that is the first line of defense for F5.
Do you have what it takes?
You should have validated expertise in the following areas:
- Network and system security/administration
- Basic understanding of security threats and attacks
- Understanding context and events from system and security logs
- Tuning SIEM/security monitoring rules, alerts, and reports
You will actively investigate potential successful and unsuccessful intrusion attempts and compromises, malware infections, as well as a variety of other security incidents and provide the team with the impact of the threat, your assessment of the incident, as well as recommendations.
These are your responsibilities:
You will lead analysis of security events on the network. This involves triaging events from any number of sources, working to understand the threat, and ensuring that incidents are resolved or escalated accordingly. You will also drive security monitoring tuning to ensure that false positives are tuned out.
- Support live response and forensics capabilities.
- Provide project support and implementation within our team.
- Review security-related events and assess their risk and validity based on available network, endpoint, and global threat intelligence information.
- Craft, modify, and update IDS/IPS and Security Information Event Management (SIEM) rules.
- Perform host-based forensics.
- Evaluate/deconstruct malware (e.g. obfuscated code) through open-source and vendor provided tools.
- Assist with implementation of counter-measures or mitigating controls.
- Evaluate change requests and assess organizational risk.
- Prepare briefings and reports of analysis methodology and results.
- Build and maintain Standard Operating Procedures and other similar documentation.
- Mentor members of the team.
Skills and Knowledge we'd like to see:
- An understanding of at least two of the following Operating Systems: Windows, Linux and/or Mac at a filesystem level
- Knowledge of Internet protocols, services, and technologies (e.g. HTTP/HTTPS, DNS, SMTP, SSH, LDAP, TCP/IP, UDP, ICMP, JSON, REST, etc.)
- Common security controls (e.g. firewalls, proxies, IDS/IPS, WAF, etc.)
- Malware and exploit kit functionality experience
- Lateral movement, living-off-the-land, and persistence establishment mechanisms
- Detection of anomalous system activity
- Incident response and incident handling processes
- Good technical communication skills, both written and verbal; attention to detail and strong organizational and time management skills
- Excellent analytical skills that would allow for the ability to diagnose and tackle technical issues
- Courage and willingness to challenge conventional wisdom
- Ability to research and characterize security threats including crafting appropriate countermeasures
- Demonstrated track record of identifying and pursuing strategic and complex areas of security research in collaboration with internal and external partners at all levels, to include defining appropriate policies, practices, and countermeasures
- Host-based security tools
- Network-based security tools
- Malware analysis sandboxes and tools
Experience with one or more of the following platforms:
- Carbon Black, FireEye, Splunk, etc.
What is required?
- 3 to 7 years of relevant experience, or an equivalent combination of education and work experience.
Experience in one or more of the following:
- Penetration testing, Malware reverse engineering, Vulnerability discovery and assessment, Digital forensics
We'd really love it if you had the following background:
- Technical expertise in security event analysis
- Experience in working across multiple teams
- Experience with desktop operating systems (Windows, macOS, Linux)
- Familiarity with current malicious code trends and exploits
- Industry certifications such as SANS GCIA, GCIH, CCNA, CISSP
- Working knowledge of Splunk or Sumo Logic and searching/reporting capabilities
- Ability to handle high-pressure work environments and willingness to work off-hours on a rotational basis.
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
Equal Employment Opportunity
It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. Reasonable accommodation is available for qualified individuals with disabilities, upon request.