Security Analyst (SOC Analyst)

Position Title: Security Analyst (SOC Analyst)

Job Type: Full-time

The Security Analyst I role is a critical position within the organization. The primary function of the role will be to provide monitoring of deployed customer environments for security events. This includes establishing the extent of a threat, the business impact, and advising the most suitable course of action to contain and remedy the event. A Cybersecurity Technician will serve as an escalation point to the subject matter expert for in-depth cybersecurity events and must be able to communicate effectively to all stakeholders during the event management process.

Key Responsibilities

• Manage the security event monitoring and incident response ticket queues and triage as appropriate to meet the established service level agreements
• Promptly transfer cybersecurity tickets to the client or internal point of contact
• Clearly convey indicators of compromise, isolation, and remediation steps
• Analyze and interpret system, security, and application logs in order to diagnose faults, spot abnormal behavior, and rule out false positives
• Effectively utilize End Detection and Response tools to investigate alerts, anomalies, and build accurate timelines related to possible compromise
• Follow established procedures to investigate, escalate, contain, or eradicate malicious activity
• Develop and deliver written and oral reports to clients, teammates, and management to aggregate and communicate security information and metrics
• Provide input and recommendations to improve internal processes and procedures related to SOC duties and responsibilities
• Participate in threat-hunting activities and other special projects as required
• Understand and follow, our set of standards and processes that produce a predictable result for the client. You must be aware of and maintain our standards.

Additional Responsibilities

• Maintain accurate and real-time timesheets, record complete and accurate notes of troubleshooting and communication with clients
• Receive mentoring and feedback from peers and others
• Where appropriate, escalate complicated issues to a more senior resource or other appropriate teams
• Review Tickets with Manager
• Actively Participate in Team Huddles, L10 Meetings, One on One Meetings, and any other Team Meetings
• Create and update documentation when changes occur, or when discoveries are made
• Attend monthly training & team meetings as required
• Additional duties as required

Skills, Knowledge, and Expertise

• Two years work experience in the Information Security or related fields
• Two or more current security-related industry certifications
• Experience with SIEM platforms, firewall management, and endpoint detection and response platforms
• One year or more of experience with EDR solutions, ESGs, vulnerability management, and content filtering
• Good problem-solving and decision-making skills; ability to understand and analyze complex issues
• Self-motivated, detail-oriented, highly organized, and able to handle a variety of tasks and responsibilities in an efficient manner with a high level of quality
• One of the following certifications preferred: CompTIA Security+, CompTIA CySA+, CCNA, C|EH, SSCP, or equivalent