As a Security Operations Center (SOC) Analyst, you will play a pivotal role in monitoring and responding to computer security incidents identified within the organization's environment. This role employs defensive measures and uses information from various sources to perform initial assessment, investigation, and remediation, and, when needed, to handle complex incident escalations from Level 1 analysts. As a SOC analyst, you'll often serve as a subject matter expert, advising on security best practices, standards, and risk analysis methodologies during project engagements and regulatory audits. This role demands strong technical proficiency, broad experience across diverse technologies and compliance standards, and staying up to date with emerging threats and industry trends.
Responsibilities:
- Investigate, analyze, and respond to network cybersecurity incidents promptly and effectively, ensuring the protection of organizational assets and the mitigation of potential threats.
- Assess systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense-in-depth architecture against known vulnerabilities.
- Implement continuous improvement initiatives to advance Security Operations Center (SOC) maturity, which includes but is not limited to:
  - Ongoing development and maintenance of rulesets across diverse security toolsets.
  - Identifying and proposing amendments to playbook work instructions and procedures.
  - Leveraging SOAR and AI technology to automate manual processes and streamline operational workflows.
- Contribute to the advancement of a cloud-first strategy through the cultivation of foundational cloud knowledge and hands-on experience with platforms, primarily Azure.
- Hunt for unknown cyber threats using profiling techniques to find unusual or anomalous activity that has not been detected by vendor signatures.
- Support the adoption of new technologies and projects, serving as the subject matter expert (SME) to ensure that security remains a foundational consideration throughout the adoption process.
- Build and improve upon existing security tools and utilities, enabling the SOC team to operate at the pace and scale required and improve overall cybersecurity posture.
Requirements:
- Bachelor's degree in Computer Science, Computer Engineering, Information Technology, or a related field.
- Proven years of experience working in Security Operations and Incident Response, with demonstrable experience in responding to security incidents by performing host-based and network forensics as well as investigating security appliance and network logs.
- Deep understanding of logging and monitoring systems for security events (SIEM), network-based and host-based intrusion detection, firewalls, endpoint detection and response (EDR), SOAR technologies, UEBA, and Azure Security Center and Sentinel.
- Demonstrated understanding of security vulnerabilities, attacker exploit techniques and methods for their remediation.
- Strong deductive reasoning, critical thinking, problem-solving, and prioritization skills.
- Ability to rapidly find, assimilate, and synthesize information correctly in high-demand situations.
- Solid understanding of frameworks, standards, and assessments such as ISO 27001, SOC 1, SOC 2, PCI, and NIST.