NopalCyber- SOC Sr. Analyst

Job responsibilities: 

• Monitor, analyze, and interpret security/system logs for events, operational irregularities, and potential incidents, and escalate issues as appropriate
• Responsible for monitoring, detection of analysis through various input tools and systems (SIEM, IDS / IPS, Firewalls, EDR, etc.)
• Conduct basic red team exercises to test the effectiveness of preventive and monitoring controls
• Provides support for complex system/network exploitation and defense techniques to include deterring, identifying, and investigating system and network intrusions
• Support malware analysis, host and network, log analysis, and triage in support of incident response
• Maintaining and improving the security technologies deployed, including creating use cases, customizing or better configuring the tools based on past and current threats
• Monitoring threat/vulnerability landscape, security advisories, and acting on them as appropriate
• Continuously monitors the security alerts and escalation queue, triages security alerts
• Monitoring and tuning SIEM (content, parsing, maintenance)
• Monitoring Cloud infrastructure for security-related events
• Delivers scheduled and ad-hoc reports
• Develop and coach L1 analysts
• Author Standard Operating Procedures (SOPs) and training documentation 
• Work the full ticket lifecycle; handle every step of the alert, from detection to remediation
• Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty

• Perform threat-intel research, learn new attack patterns, actively participate in security forums.

Job specifications:

Qualification:

• Bachelor’s degree in Engineering or closely related coursework in technology development disciplines
• Certifications like CISSP, CEH, CISM, GCIH, GCIA are desirable
• Experience with the following or related tools: SIEM Tools such as Splunk, IBM QRadar, SecureOnix; Case Management Tools such as Swimlane, Phantom, etc.; EDR tools such as Crowdstrike, Sentinel, VMware, McAfee, Microsoft Defender ATP, etc;  Network Analysis Tools such as Darktrace, FireEye, NetWitness, Panorama, etc.

Experience: 

• 4+ years of SOC related work experience

Desired Skills:

• Full understanding of SOC L1 responsibilities/duties and how the duties feed into L2/L3.  The ability to take lead on incident research when appropriate and be able to mentor junior analysts.
• Advanced knowledge of TCP/IP protocols and event log analysis
• Strong understanding of Windows, Linux and networking concepts
• Experience analyzing both log and packet data to include the use of WireShark, tcpdump and other capture/analysis tools
• Good understanding of security solutions including SIEMs, Web Proxies, EDR, Firewalls, VPN, authentication, encryption, IPS/IDS etc.
• Functional understanding of Cloud environments 
• Ability to conduct research into IT security issues and products as required
• Working in a TAT based IT security incident resolution practice and knowledge of ITIL
• Knowledge and experience with scripting and programming (Python, PERL, etc.) are also highly preferred
• Malware analysis and reverse engineering is a plus