SOC Analyst/Engineer

Job Location: Alameda, CA - USA

Monthly Salary: Not Disclosed

1 Vacancy

Job Description

Position: SOC Analyst/Engineer (Security Analyst)

Location: Alameda, CA (Onsite)

Term: C2C & W2 Role

Duration: Long Term

Job Description:

Please add a write-up on your experience with Cortex XDR.

EXPERIENCE/KNOWLEDGE & SKILLS:

CISSP, CISM, CEH, OSCP, GIAC or similar cybersecurity certification required.

Experience:

Experience with security tools such as SIEM, EDR and IDS/IPS, ensuring they are effectively detecting and alerting on potential threats.

Extensive experience in Palo Alto Cortex XDR and a deep understanding and practical application of XQL queries is required.

Extensive experience in a SOC environment with a strong background in threat detection, incident response and threat hunting.

Experience with threat intelligence platforms and integrating threat intelligence feeds into security tools to enrich threat detection.

Experience in proactive threat hunting to identify and neutralize emerging threats.

Experience or working knowledge of cloud, network and application security.

Experience in Biotech/Pharma is a plus.

Knowledge/Skills/Abilities:

Proficiency with SOC tools and technologies such as SIEM (Splunk), EDR (Cortex) and IDS/IPS (e.g. Snort, Suricata).

Strong scripting skills (e.g. Python, PowerShell) to automate tasks, enhance detection capabilities and develop automation through a SOAR platform.

Ability to configure and fine-tune security tools to maximize their effectiveness by integrating various log sources and data feeds to enhance visibility and detection.

Ability to work with various data sources to create high-fidelity alerting.

Knowledge of machine learning and behavioral analytics to identify anomalies and potential threats.

Ability to develop and refine correlation rules within SIEM to detect complex attack patterns, leveraging the MITRE ATT&CK framework.

Strong analytical skills to correlate events and make informed decisions based on data.

Ability to analyze user behaviors and network traffic to detect suspicious activities.

Ability to establish and maintain strong relationships with security vendors.

Extensive knowledge of DNS, network protocols, firewalls, VPNs, web application firewalls, email security, IPS/IDS, SIEM, DLP, cryptography, application whitelisting and endpoint protection.

Excellent communication skills.

Resourceful and proactive in finding innovative solutions to challenges.

A mindset focused on continuous learning and improvement.

Outstanding judgment and problem-solving skills, including negotiation and conflict resolution.

Ability to work in a team environment, create timelines and continually make necessary adjustments.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

Oversee the end-to-end threat management process, from initial detection and analysis to containment, eradication and recovery. Ensure that all incidents are thoroughly investigated and documented and that lessons learned are incorporated into future threat management strategies.

Regularly assess the effectiveness of detection mechanisms and make necessary adjustments to improve accuracy and coverage. This includes conducting regular threat hunting exercises to identify gaps and areas for improvement.

Create and refine correlation rules within the XDR platform (Cortex XDR) to identify complex attack patterns and reduce false positives. This involves analyzing security events and developing rules that accurately detect malicious activities.

Incorporate threat intelligence feeds into the team's detection capabilities to stay updated on the latest threats and attack techniques. Use this intelligence to enhance detection rules and response strategies.

Utilize machine learning and behavioral analytics to identify anomalies and potential threats that traditional signature-based tools might miss. This includes analyzing user behaviors and network traffic to detect suspicious activities.

Regularly review and fine-tune the configurations of current security tools such as SIEM, EDR and IDS/IPS to ensure they are effectively detecting and alerting on potential threats.

Work with various log sources and data feeds to enhance the visibility and detection capabilities of the team. This includes integrating logs from network devices, servers, applications and cloud environments.

Co-create and maintain playbooks to standardize and automate threat response procedures. This includes developing automated workflows to streamline incident response, reduce response times and improve the overall efficiency and effectiveness of the cybersecurity operations team.

Stay current with the latest threat landscape and emerging trends in cybersecurity to proactively identify and mitigate potential security risks.

Contribute to the overall information security strategy.

SUPERVISORY RESPONSIBILITIES:

No supervisory responsibility

Cloud BC Labs Inc is a digital transformation organization aimed at creating seamless solutions for clients to effectively manage their business operations. The company specializes in Business and Management Consulting, AI/ML, Data Analytics & Visualization, Cloud Data Warehouse Migration, Snowflake Implementation, Informatica Implementation & Upgrade, Staffing Services and Data Management Solutions.

Employment Type

Full Time
