SOC Analyst

Description:

The Security Analyst I role is a critical position within the organization. The primary function of the role will be to provide monitoring of deployed customer environments for security events. This includes establishing the extent of a threat, the business impact, and advising the most suitable course of action to contain and remedy the event. A Cybersecurity Technician will serve as an escalation point to the subject matter expert for in-depth cybersecurity events and must be able to communicate effectively to all stakeholders during the event management process.

Responsibilities:

· Manage the security event monitoring and incident response ticket queues and triage as appropriate to meet the established service level agreements

· Promptly transfer cybersecurity tickets to the client or internal point of contact

· Clearly convey indicators of compromise, isolation, and remediation steps

· Analyze and interpret system, security, and application logs in order to diagnose faults, spot abnormal behavior, and rule out false positives

· Effectively utilize End Detection and Response tools to investigate alerts, anomalies, and build accurate timelines related to possible compromise

· Follow established procedures to investigate, escalate, contain, or eradicate malicious activity

· Develop and deliver written and oral reports to clients, teammates, and management to aggregate and communicate security information and metrics

· Provide input and recommendations to improve internal processes and procedures related to SOC duties and responsibilities

· Participate in threat-hunting activities and other special projects as required

· Understand and follow, our set of standards and processes that produce a predictable result for the client. You must be aware of and maintain our standards.

Additional Responsibilities:

· Maintain accurate and real-time timesheets, record complete and accurate notes of troubleshooting and communication with clients

· Receive mentoring and feedback from peers and others

· Where appropriate, escalate complicated issues to a more senior resource or other appropriate teams

· Review Tickets with Manager

· Actively Participate in Team Huddles, L10 Meetings, One on One Meetings, and any other Team Meetings

· Create and update documentation when changes occur, or when discoveries are made

· Attend monthly training & team meetings as required

· Additional duties as required

Requirements:
Qualifications:

· Two years work experience in the Information Security or related fields

· Two or more current security-related industry certifications

· Experience with SIEM platforms, firewall management, and endpoint detection and response platforms

· One year or more of experience with EDR solutions, ESGs, vulnerability management, and content filtering

· Good problem-solving and decision-making skills; ability to understand and analyze complex issues

· Self-motivated, detail-oriented, highly organized, and able to handle a variety of tasks and responsibilities in an efficient manner with a high level of quality

· One of the following certifications preferred: CompTIA Security+, CompTIA CySA+, CCNA, C|EH, SSCP, or equivalent