Job Description

Job Summary:

Senior Analyst candidates must be willing to work in a 24x7x365 SOC environment, demonstrate intuitive problem-solving skills, and be available for flexible scheduling. Monitor network traffic for security events and perform triage analysis to identify security incidents. Respond to computer security incidents by collecting, analyzing, and preserving digital evidence, and ensure that incidents are recorded and tracked in accordance with SOC requirements. Work closely with other teams to assess risk and provide recommendations for improving our security posture.

Job Description:

Utilize state-of-the-art technologies such as host forensics tools (FTK/EnCase), Endpoint Detection & Response tools, log analysis (Splunk), and network forensics (full packet capture solution) to perform threat hunting and investigative activity across endpoint and network-based data.
Conduct malware analysis, host and network forensics, log analysis, and triage in support of incident response.
Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis and incident response.
Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes.
Lead Incident Response activities and mentor junior staff.
Work with key stakeholders to implement remediation plans in response to incidents.
Effectively investigate and identify root cause findings, then communicate those findings to stakeholders including technical staff and leadership.
Author Standard Operating Procedures (SOPs) and training documentation when needed.
Generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
Escalate major events and cyber investigations.
Develop and maintain policies, processes, and procedures to ensure reliable and effective SOC operations.
Monitor and review event indications, warnings, and system logs and notify the applicable stakeholders in accordance with service level agreements and SOPs.
Perform other duties as assigned.

Job Requirements:

Bachelor’s Degree in Computer Science, Communication Engineering or any related field.
Experience required: 3-5 years, including extensive experience with digital media analysis and digital forensics (e.g., Splunk, Tanium).
Full understanding of Tier 1 responsibilities/duties and how the duties feed into Tier 2. The ability to take lead on incident research when appropriate and be able to mentor junior analysts.
Advanced knowledge of TCP/IP protocols.
Knowledge of Windows, Linux operating systems.
Knowledge of Intrusion Detection Systems (IDS) and SIEM technologies; Splunk or ArcSight experience.
Deep packet and log analysis.
Some Forensic and Malware Analysis.
Cyber Threat and Intelligence gathering and analysis.
Knowledge and experience with scripting and programming (Python, Perl, etc.) is also highly preferred.
Excellent communication skills with internal and external customers.
Strong problem solving, leadership, team building, and troubleshooting skills.
Highly self-motivated and directed, with keen attention to detail.