SOC Analyst

Description: 

The Security Analyst I role is a critical position within the organization. The primary function of the role will be to provide monitoring of deployed customer environments for security events. This includes establishing the extent of a threat, the business impact, and advising the most suitable course of action to contain and remedy the event. A Cybersecurity Technician will serve as an escalation point to the subject matter expert for in-depth cybersecurity events and must be able to communicate effectively to all stakeholders during the event management process. 

Responsibilities: 

·        Manage the security event monitoring and incident response ticket queues and triage as appropriate to meet the established service level agreements

·        Promptly transfer cybersecurity tickets to the client or internal point of contact

·        Clearly convey indicators of compromise, isolation, and remediation steps

·        Analyze and interpret system, security, and application logs in order to diagnose faults, spot abnormal behavior, and rule out false positives

·        Effectively utilize End Detection and Response tools to investigate alerts, anomalies, and build accurate timelines related to possible compromise

·        Follow established procedures to investigate, escalate, contain, or eradicate malicious activity

·        Develop and deliver written and oral reports to clients, teammates, and management to aggregate and communicate security information and metrics

·        Provide input and recommendations to improve internal processes and procedures related to SOC duties and responsibilities

·        Participate in threat-hunting activities and other special projects as required

·        Understand and follow, our set of standards and processes that produce a predictable result for the client. You must be aware of and maintain our standards.

Additional Responsibilities: 

·        Maintain accurate and real-time timesheets, record complete and accurate notes of troubleshooting and communication with clients

·        Receive mentoring and feedback from peers and others

·        Where appropriate, escalate complicated issues to a more senior resource or other appropriate teams

·        Review Tickets with Manager

·        Actively Participate in Team Huddles, L10 Meetings, One on One Meetings, and any other Team Meetings

·        Create and update documentation when changes occur, or when discoveries are made

·        Attend monthly training & team meetings as required

·        Additional duties as required

Qualifications: 

·        Two years work experience in the Information Security or related fields

·        Two or more current security-related industry certifications

·        Experience with SIEM platforms, firewall management, and endpoint detection and response platforms

·        One year or more of experience with EDR solutions, ESGs, vulnerability management, and content filtering

·        Good problem-solving and decision-making skills; ability to understand and analyze complex issues

·        Self-motivated, detail-oriented, highly organized, and able to handle a variety of tasks and responsibilities in an efficient manner with a high level of quality

·        One of the following certifications preferred: CompTIA Security+, CompTIA CySA+, CCNA, C|EH, SSCP, or equivalent