About the job Security Information and Event Management (SIEM) Operations
Summary:
The SOC Analyst is responsible for monitoring and analyzing security events on an ongoing basis. The role involves investigating and responding to threats in a timely and effective manner, and where necessary, escalating incidents to the appropriate teams for in-depth analysis and/or resolution.
Roles and Responsibilities:
- Monitors and analyzes Security Information and Event Management (SIEM) to identify security issues for remediation.
- Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information.
- Evaluates/deconstructs malware (e.g., obfuscated code) through open-source and vendor-provided tools.
- Communicates alerts to clients regarding intrusions and compromises to their network infrastructure, applications, and operating systems.
- Prepares briefings and reports of analysis methodology and results.
- Creates and maintains standard operating procedures and other similar documentation; ensures all documentation is up to date and standard.
- Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
- Assists Entry-Level SOC analysts in building stronger skills.
- Assists Team Leads with reporting, projects, administrative work as needed.
- Support cyber defense functions to protect organizations from cyber security incidents that have potential to cause negative impact
- Review suspicious threat activity via logs and security applications to determine the nature of a possible threat
- Decide necessary remediation actions for a multitude of systems, including but not limited to Operating Systems, network firewalls/routers, AV systems and more
- Create clear and concise write-ups representing the overall summary, analysis, actions taken and recommendations for escalated incidents via a platform ticketing system
- Validate operations during their shift and contact senior analysts for additional support/escalation
- Monitor customer requests via their escalated tickets and inform the senior team for additional support
- Investigate, document, and report on information security issues and emerging trends
- Incident Response - reporting of cyber security incidents, mitigation advisement, quality review and after action
- Use SOC monitoring tools and have a working understanding of systems such as, SIEM systems, Intrusion Detection System, Data Loss
- Prevention, Antivirus System, to review and analyze pre-defined events
- Provide analysis and identify trends of security log data from a large number of heterogeneous security devices indicative of incidents
- Suggest and request whitelisting and use case fine-tuning from Engineering team as applicable
- Inform parsing issues to SOC Content / Platform Engineering team as applicable
- Perform basic threat (retro) hunting leveraging an IoC-based approach
Job Qualifications:
Minimum of 3 years of relevant experience
Experience in ticketing, monitoring systems, and working in a SOC environment.
Ability to analyze data, such as logs or packets captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents.
Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, Endpoint Detection and Response (EDR) and SIEM technologies.
Fundamental understanding of computer networking (TCP/IP), knowledge of Windows, Linux, and Information Security.
In-depth experience in performing security investigations across different platforms, including OS, networks, cloud, messaging, etc.
High-level knowledge of cybersecurity attack, and defense techniques.
Experience working with cloud cybersecurity tools.
Excellent analytical and problem-solving skills as well as interpersonal skills to interact with clients, team members, and upper management.
Proficient in both oral & written communication.
Graduate of any college degree in Computer Science or Information Security, or related technical field of expertise.
Must be willing to work on a shifting schedule and on site.