About the job Security Information and Event Management (SIEM) Operations

Summary:

The SOC Analyst is responsible for monitoring and analyzing security events on an ongoing basis. The role involves investigating and responding to threats in a timely and effective manner, and where necessary, escalating incidents to the appropriate teams for in-depth analysis and/or resolution.

Roles and Responsibilities:

  • Monitors and analyzes Security Information and Event Management (SIEM) to identify security issues for remediation.
  • Recognizes potential, successful, and unsuccessful intrusion attempts and compromises through thorough review and analysis of relevant event detail and summary information.
  • Evaluates/deconstructs malware (e.g., obfuscated code) through open-source and vendor-provided tools.
  • Communicates alerts to clients regarding intrusions and compromises to their network infrastructure, applications, and operating systems.
  • Prepares briefings and reports of analysis methodology and results.
  • Creates and maintains standard operating procedures and similar documentation; ensures all documentation is current and follows the team's standard format.
  • Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
  • Assists Entry-Level SOC analysts in building stronger skills.
  • Assists Team Leads with reporting, projects, and administrative work as needed.
  • Support cyber defense functions to protect organizations from cyber security incidents that have potential to cause negative impact
  • Review suspicious threat activity via logs and security applications to determine the nature of a possible threat
  • Decide necessary remediation actions for a multitude of systems, including but not limited to Operating Systems, network firewalls/routers, AV systems and more
  • Create clear and concise write-ups representing the overall summary, analysis, actions taken and recommendations for escalated incidents via a platform ticketing system
  • Validate operations during their shift and contact senior analysts for additional support/escalation
  • Monitor customer requests via their escalated tickets and inform the senior team for additional support
  • Investigate, document, and report on information security issues and emerging trends
  • Incident Response - reporting of cyber security incidents, mitigation advisement, quality review and after action
  • Use SOC monitoring tools and have a working understanding of systems such as SIEM, Intrusion Detection Systems, Data Loss Prevention, and Antivirus systems to review and analyze pre-defined events
  • Provide analysis and identify trends of security log data from a large number of heterogeneous security devices indicative of incidents
  • Suggest and request whitelisting and use case fine-tuning from Engineering team as applicable
  • Report log parsing issues to the SOC Content / Platform Engineering team as applicable
  • Perform basic threat (retro) hunting leveraging an IoC-based approach
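As an illustration of the last two responsibilities (IoC-based retro hunting and flagging parsing issues to the content/platform team), the following is an added example written for this page; it is not code from the posting or from any employer's SOC tooling. The indicators, the log lines (a proxy line, firewall lines, and an EDR-style JSON event), the `NOW` timestamp and the regex-based extraction are all constructed and hypothetical, and the extractor is deliberately minimal rather than a production log parser.

```python
"""IoC-based retro hunt over constructed log lines (added example, hypothetical data)."""
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed, hypothetical IoCs: indicator value -> (type, label).
IOCS = {
    "198.51.100.23": ("ipv4", "campaign-A c2"),
    "bad-update.example": ("domain", "campaign-A staging"),
    "5d41402abc4b2a76b9719d911017c592": ("md5", "dropper.exe"),
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
HASH_RE = re.compile(r"\b[0-9a-f]{32}\b|\b[0-9a-f]{64}\b", re.I)  # md5 or sha256
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z")


def event_time(line):
    """Return the UTC timestamp embedded in a line, or None if there is none."""
    m = TS_RE.search(line)
    if not m:
        return None
    return datetime.strptime(m.group(0), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def extract_indicators(line):
    """Return the set of candidate indicators (lowercased) in one log line.

    JSON events (EDR-style) are decoded and their values scanned; plain text
    lines (proxy/firewall syslog) are scanned directly. Returns None when a
    JSON line cannot be decoded, so the caller can report a parsing issue.
    """
    text = line
    if line.lstrip().startswith("{"):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            return None
        text = " ".join(str(v) for v in event.values())
    found = set()
    for rx in (IPV4_RE, DOMAIN_RE, HASH_RE):
        found.update(m.lower() for m in rx.findall(text))
    return found


def retro_hunt(lines, iocs, now, lookback_days=30):
    """Scan historical log lines for known IoCs inside a lookback window.

    Returns (hits, unparsed): hits lists each match with its line number,
    time, indicator, type and label; unparsed lists (line number, reason)
    for lines the extractor could not handle, which are the parsing issues
    an analyst would pass on to the content/platform engineering team.
    """
    cutoff = now - timedelta(days=lookback_days)
    hits, unparsed = [], []
    for n, line in enumerate(lines, 1):
        ts = event_time(line)
        if ts is None:
            unparsed.append((n, "no timestamp"))
            continue
        if ts < cutoff:
            continue  # older than the retro window; ignored even if it matches
        indicators = extract_indicators(line)
        if indicators is None:
            unparsed.append((n, "malformed JSON"))
            continue
        for ind in indicators:
            if ind in iocs:
                ioc_type, label = iocs[ind]
                hits.append({"line": n, "time": ts.isoformat(), "indicator": ind,
                             "type": ioc_type, "label": label})
    return hits, unparsed


# Constructed sample logs; hosts, addresses and paths are hypothetical.
SAMPLE_LOGS = [
    "2024-05-01T10:15:02Z proxy src=10.0.4.12 dst=bad-update.example:443 action=allow",
    "2024-05-01T10:16:40Z fw src=10.0.4.12 dst=93.184.216.34 dport=443 action=allow",
    '{"ts": "2024-05-02T08:01:11Z", "host": "WS-0142", "proc": "C:\\\\Users\\\\a\\\\update.exe", '
    '"md5": "5D41402ABC4B2A76B9719D911017C592"}',
    "2024-01-03T23:59:59Z fw src=10.0.4.12 dst=198.51.100.23 dport=8443 action=allow",  # too old
    '{"ts": "2024-05-02T09:00:00Z", "host": "WS-0143", "md5": ',  # truncated event
    "proxy src=10.0.4.13 dst=198.51.100.23:443 action=allow",  # no timestamp
]

NOW = datetime(2024, 5, 3, tzinfo=timezone.utc)  # pretend "today" for the 30-day window


def run_example():
    return retro_hunt(SAMPLE_LOGS, IOCS, NOW, lookback_days=30)


if __name__ == "__main__":
    found_hits, parse_issues = run_example()
    for h in found_hits:
        print(f"HIT line {h['line']} {h['time']} {h['type']}={h['indicator']} ({h['label']})")
    for n, why in parse_issues:
        print(f"PARSE-ISSUE line {n}: {why}")
```

Two points the code makes that a plain "grep for the IoC" would not: a match outside the lookback window is dropped rather than reported as a current hit, and lines the extractor cannot read are surfaced as parsing issues instead of silently producing no match, which is exactly the gap a retro hunt can otherwise hide.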

Job Qualifications:

  • Minimum of 3 years of relevant experience

  • Experience in ticketing, monitoring systems, and working in a SOC environment.

  • Ability to analyze data, such as logs or packet captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents.

  • Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, Endpoint Detection and Response (EDR) and SIEM technologies.

  • Fundamental understanding of computer networking (TCP/IP), knowledge of Windows, Linux, and Information Security.

  • In-depth experience in performing security investigations across different platforms, including OS, networks, cloud, messaging, etc.

  • High-level knowledge of cybersecurity attack and defense techniques.

  • Experience working with cloud cybersecurity tools.

  • Excellent analytical and problem-solving skills as well as interpersonal skills to interact with clients, team members, and upper management.

  • Proficient in both oral & written communication.

  • Holds a college degree in Computer Science, Information Security, or a related technical field.

  • Must be willing to work on a shifting schedule and on site.