Summary:
The SOC Analyst is responsible for monitoring and analyzing security events on an ongoing basis. The role involves investigating and responding to threats in a timely and effective manner and, where necessary, escalating incidents to the appropriate teams for in-depth analysis and/or resolution.
Roles and Responsibilities:
- Monitors and analyzes Security Information and Event Management (SIEM) output to identify security issues for remediation.
- Recognizes potential successful and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
- Evaluates/deconstructs malware (e.g. obfuscated code) using open-source and vendor-provided tools.
- Communicates alerts to clients regarding intrusions and compromises of their network infrastructure, applications and operating systems.
- Prepares briefings and reports of analysis methodology and results.
- Creates and maintains standard operating procedures and other similar documentation; ensures all documentation is up to date and standardized.
- Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
- Assists entry-level SOC analysts in building stronger skills.
- Assists Team Leads with reporting, projects and administrative work as needed.
- Supports cyber defense functions to protect organizations from cyber security incidents that have the potential to cause negative impact.
- Reviews suspicious threat activity via logs and security applications to determine the nature of a possible threat.
- Decides necessary remediation actions for a multitude of systems, including but not limited to operating systems, network firewalls/routers, AV systems and more.
- Creates clear and concise write-ups representing the overall summary, analysis, actions taken and recommendations for escalated incidents via a ticketing platform.
- Validates operations during their shift and contacts senior analysts for additional support/escalation.
- Monitors customer requests via their escalated tickets and informs the senior team for additional support.
- Investigates, documents and reports on information security issues and emerging trends.
- Incident Response: reporting of cyber security incidents, mitigation advisement, quality review and after-action review.
- Uses SOC monitoring tools and has a working understanding of systems such as SIEM, Intrusion Detection Systems, Data Loss Prevention and Antivirus systems to review and analyze predefined events.
- Provides analysis and identifies trends in security log data from a large number of heterogeneous security devices that are indicative of incidents.
- Suggests and requests whitelisting and use-case fine-tuning from the Engineering team as applicable.
- Reports parsing issues to the SOC Content / Platform Engineering team as applicable.
- Performs basic threat (retro) hunting leveraging an IoC-based approach.
Job Qualifications:
- Minimum of 3 years of relevant experience.
- Experience with ticketing and monitoring systems and working in a SOC environment.
- Ability to analyze data such as logs or packet captures from various sources within the enterprise and draw conclusions regarding past and future security incidents.
- Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, Endpoint Detection and Response (EDR) and SIEM technologies.
- Fundamental understanding of computer networking (TCP/IP); knowledge of Windows, Linux and Information Security.
- In-depth experience in performing security investigations across different platforms, including OS, networks, cloud, messaging, etc.
- High-level knowledge of cybersecurity attack and defense techniques.
- Experience working with cloud cybersecurity tools.
- Excellent analytical and problem-solving skills, as well as interpersonal skills to interact with clients, team members and upper management.
- Proficient in both oral and written communication.
- Graduate of a college degree in Computer Science, Information Security or a related technical field.
- Must be willing to work on a shifting schedule and on site.
Remote Work: No