Senior SOC Analyst

  • Understand and review logical/physical security controls, articulating risks and recommendations.
  • Perform triage and initiate investigations into the root cause of security events, applying industry best practices and following documented incident playbooks, escalating when necessary.
  • Adhere to company policies, processes, and procedures so that industry-standard certifications such as ISO 27001 and SOC 2 are maintained.
  • Initiate incident response in support of security strategy and policy, taking risk, legal, and regulatory constraints into account.
  • Support account management with specific customers, suppliers, and stakeholders, ensuring cost-effective delivery of our service portfolio, and assist team members as needed.
  • Continuously deliver targeted improvements, productivity gains, and cost efficiencies.
  • Support customers across all CMSSP services with an understanding of their business strategy.
  • Provide incident triage and initial threat analysis that meets or exceeds agreed SLAs/SLOs.
  • Provide input to the tuning of SIEM detection rules and maintain incident playbooks.
  • Comply with weekly time recording and submit performance metrics.
  • Serve as first escalation point for level 1 teams.

QUALIFICATIONS

  • 5+ years' experience in a high-performance, high-volume cyber SOC team supporting enterprise customers.
  • Thorough experience with and understanding of an enterprise-grade SIEM platform, including rule creation, tuning, dashboard creation, and reporting.
  • Four-year degree in a technical discipline with a strong security component; a graduate degree and certifications (CISSP, GCIH, CEH, OSCP, Security+, etc.) are strongly desired.
  • Previous experience with network access control, intrusion prevention and detection systems, networking hardware, incident response, information security methods, and risk management.
  • Security event analysis and triage, incident handling and root-cause identification, and active threat hunting, including planning, execution, and reporting.
  • Possess a specialty in one or more of the following information security domains: Cyber Intelligence Analysis, Threat Monitoring, Incident Response, Threat Hunting, Machine Learning & Artificial Intelligence, Malware Analysis, Computer Forensics, Endpoint Protection, Network Security, Infrastructure Security, Application Security, Platform Security, Identity & Access Management, Security Education & Awareness, Vulnerability Scanning & Management, and Compliance & Risk Management.
  • Ability to review and interpret packet captures and NetFlow data.
  • Red/blue team exercise experience.
  • Elastic Stack (ELK), Bro (now Zeek), and Fluentd experience.
  • Ability to write new scripts and enhance existing ones in languages such as Python, Ruby, Bash, and PowerShell, and to write regular expressions (PCRE).
  • Working knowledge of event detection tools (e.g. FireEye, Palo Alto, Fortinet, Carbon Black, Cylance).
  • Experience with big-data platforms, including Hadoop, HDFS, and Apache Spark.
  • IDS/IPS experience (e.g. TippingPoint, Sourcefire, Snort, Suricata).