IT Security Analyst II

If you find science, speed, and success exhilarating, you have come to the right place.

Novavax, Inc (Nasdaq:NVAX) is a biotechnology company that creates transformational vaccines that address some of the world’s most pressing infectious diseases. We have more than a decade of experience contending with some of the world’s most devastating diseases, including COVID-19, seasonal influenza, RSV, Ebola, MERS, and SARS. Hard-won lessons and significant advances illustrate that our proven technology has tremendous potential to make a substantial contribution to public health worldwide.

Our scientists are committed to developing vaccine candidates for some of the world’s toughest viral threats by utilizing the power of our innovative recombinant nanoparticle vaccine platform. Our vaccine technology combines the power and speed of genetic engineering with the immunogenicity enhancing properties of our Matrix-M™ adjuvant to efficiently produce highly immunogenic particles targeting some of the most pressing viral infectious diseases.

Novavax, Inc. is headquartered in Gaithersburg, Maryland with additional facilities in Uppsala, Sweden and Bohumil, Czech Republic.

Level 2 SOC Analyst is expected to be able to perform all L1 & L2 functions. The Level 2 SOC Analyst is familiar with cybersecurity incident response processes and serves as the escalation point for L1 SOC analysts for cybersecurity events, prioritizing multiple security issues and daily operational tasks. The Level 2 SOC Analyst provides additional insight into events and continues higher level investigations. Level 2 Analysts are also responsible for performing toolset alert generation and tuning, and leading all levels of cybersecurity event, and low severity incident, response investigations. These individuals work closely with several other security teams, technical SMEs, and business unit contacts to resolve security events and work towards improving the overall security posture. The ideal candidate will have experience working in a dynamic environment and assisting in areas of a cybersecurity team.

Operational Responsibilities:

• Analyze, document, and report on potential security incidents identified in environments, including provide recommendations to correct day-to-day technology issues that impact the infrastructure.
• Receive escalations from L1 analysts for action and response, identifying threat events, and further escalating as appropriate.

• Conduct real-time analysis using cybersecurity tools and correlation of security log data from numerous heterogeneous security devices across different layers, including support of a cybersecurity incident as directed
• Conduct static file analysis, live response/investigation on systems, account containment, per SOC playbooks, SOPs, and direction from IT security leadership
• Manage and/or provide recommendations/actions for containment and remediation efforts stemming from cyber events, being responsible for accurate and consistent documentation
• Support analysts leading cybersecurity incident response efforts.

• Develop cybersecurity skills and experience by learning and enforcing Information Security policies, playbooks and procedures, and content, industry best practices, and develop training for the SOC in support of these.

• Provide analysis and advisement on various security enforcement technologies including, but not limited to:

o SIEM/SOAR

o EDR / Anti-virus

o Cloud (Azure)

o Web Proxy

o IDS / IPS / NSM

o Email Security

• Growing familiarity with Cloud (AWS, Azure) environments
• Investigate, document, and report on information security issues and emerging trends.
• With direction from management and SMEs, utilize multiple tools and methods (SOAR, SIEM, etc.) to develop, enhance/tune, and maintain correlations, alerts/detections, and automate investigation workflows to increase alert fidelity, streamline SOC efficiency and ensure repeatable processes while maintaining current documentation.

• Assist in product and vendor assessments and evaluations, based upon cybersecurity standards and industry best practices.

• Provide data from the SOC toolset, assisting analysts with data collection, for analysis in support of incident assessment/triage, and toolset maintenance.
• Integrate and share information with other analysts and teams.
• Other tasks and responsibilities as assigned to include but not limited to engineering and project lead task.

Required Qualifications:

• 3+ years of incident analysis, security architecture, malware research, SOC, or any other similar incident response experience.
• Fundamental understanding of security tools such as SIEM, IDS/IPS, web proxies, DLP, CASB, SIEM, DNS security, DDoS protection, EDR, and firewalls
• Fundamental understanding of cloud security and responding to cloud alerts/events
• Knowledge of NIST and MITRE ATT&CK security frameworks
• Experience analyzing and inspecting log files, network packets, and any other security tool information output from multiple system types
• Familiar with basic reverse engineering principles and understand of malware, rootkits, TCP/UDP packets, network protocols
• Team-oriented and skilled in working within a collaborative environment
• Ability to effectively multi-task, prioritize and execute tasks in a high-pressure environment
• Required flexibility to work nights, weekends, and/or holiday shifts in the event of an incident response emergency
• Experience with technical analysis of email headers, links, and attachments to determine if an email is malicious, and then executing remediation techniques to protect the environment

Preferred Qualifications:

• Solid written and communication skills with the ability to present ideas in business-friendly and user-friendly language
• Experience with O365 security suite and tools
• Splunk experience
• Proven problem-solving abilities
• Willingness to acquire in-depth knowledge of network and host security technologies and products (such as endpoint, network, email security) and continuously improve these skills
• Ability to clearly and concisely document and explain technical details (e.g. experience documenting incidents, technical writing, etc.)
• Collaborate with peers and multiple teams to identify improvements and identify areas for tuning use cases or signatures to enhance monitoring value
• Participate in technical meetings and working groups to address issues related to malware, threats, vulnerabilities, and cybersecurity preparedness
• One or more of the following certifications are recommended: CompTIA Security +; CompTIA Network +; CompTIA CySA+; Information systems Security Professional (CISSP); SANS-GIAC certification (Security Essentials/GCIH, GCED, GCIA, GNFA); EC-Council (CEH)

Novavax offers a base salary, annual bonus, equity grants, professional career development/growth opportunities, and a comprehensive benefits package including medical, dental, vision, Rx, STD, LTD, Life, Optional Life, 401(k) plan.

Equal Opportunity Employer/Veterans/Disabled

Novavax is an equal employment opportunity employer. Employment and advancement opportunities are available to all individuals on an at-will basis, regardless of their race, color, national origin, religion, ancestry, citizenship status, military or veteran status, sex, sexual orientation, gender identity or expression, age, marital status, family responsibilities, pregnancy, disability, genetic information, protective hairstyle, or any other characteristic protected by applicable federal, state, or local law.

Except where prohibited by applicable state law, this position requires that you be fully vaccinated against COVID-19 unless you need a reasonable accommodation or qualify for an exemption.

#LI-VN

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)