As a team member in the SOC (Security Operations Center) Analyst will hunt for cyberattacks and threats on customer networks using log flows and threat feeds. Responsible for investigating and generating
alerts using defined escalation paths and established processes to help customers mitigate threats.
This includes monitoring network traffic and security event data, conducting proactive threat research and analysis, performing forensic investigation into incidents, and assist with the development of
incident response processes and procedures for overall Security Operations Center development.
Monitor and analyze network traffic and security event data.
Investigate intrusion attempts and perform in-depth analysis of exploits.
Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident.
Conduct proactive cyber threat and compromise research and analysis.
Review security events that are populated in a Security Information and Event Management (SIEM) system.
Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the corrective or mitigation actions and escalation paths for each incident.
Independently follow procedures to document and report malicious activity.
Document all activities during an incident and providing leadership with status updates during the life cycle of the incident.
Create a final incident report detailing the events of the incident.
Provide analysis regarding intrusion events, security incidents, and other threat indications and warning information from various outside agencies.
Design and develop processes and procedures to improve incident response times, analysis of incidents, and overall process improvements and security infrastructure.
Participate in the review of security implications of new applications.
Contribute to the build of complete security solutions by integrating off-the-shelf and custom security tools through APIs and custom code.
Understand how to properly implement complex security solutions (such as Firewalls, VPN, and IDS/IPS solutions).
Foster and maintain good relationships with colleagues to meet expected customer service levels.
Absorb and adapt to new technologies quickly, and help to implement new solutions seamlessly.
Maintain contact with vendors, industry peers, and professional associations to keep informed of existing and evolving industry standards and technologies
Be available, on-call, to rapidly troubleshoot any problems resulting from infrastructure changes, security breaches, or other unplanned/unforeseen circumstances
Mentor and provide guidance to Tier 1 analysts.
Responsible for actions of Tier 1 analysts on shift with you.
Clear understanding of networking best practices and OSI model
Full understanding of Security Kill Chain
Currently holding two of the following certifications:
In addition to above certifications, must also hold one of the following certifications:
Able to work on a rotating shift schedule
Experience working in Linux, Windows, and OSX environments
Minimum 1 year working as a Tier 1 Analyst or equivalent