Security Analyst - SOC

Position Summary

The Security Analyst Security Operations Center (SOC) will work as part of the Information Security Operations team in the Technology Division (IT) to detect, prioritize, and triage any potential attacks or malicious activities involving organizations intellectual property, networks, and sensitive data. The ideal candidate will have a thorough understanding of information security, cyber threats, cyber threat actors, and monitoring and detection. The SOC Analyst will be responsible for continuous monitoring, identifying, and investigating of security events and alerts, providing incident response and remediation support, and improving security posture.

Responsibilities

• Define, identify, and classify information assets, assess threats and vulnerabilities regarding those assets, as well as recommend appropriate information security controls and measures.
• Detect, analyze, respond to, and lead security incidents, including Application and

Network attempted and realized breaches. The incident response should include host and network-based log analysis, correlation of network indicators, PCAP data, incident timeline generation, and root cause analysis among other data sources.

• Correlate event data for IDS systems, Firewalls, Secure Web Gateways, SIEM, and other

security systems for potential threats.

• Create and modify Kusto Queries (KQL functions) for Azure Sentinel analysis and investigations.
• Research and identify key indicators of compromise (IOC) on the network, servers, and end user workstations.
• Investigate and analyze causes, patterns and trends that can pose a risk to data integrity and information systems.
• Investigate security breaches and create actionable plans to address risks.
• Prepare detailed written analyses of incidents with remediation and prevention documentation.
• Provide briefing of findings to both technical and non-technical senior management audiences and business stakeholders.
• Maintain current knowledge on a wide range of security issues including architectures, firewalls, electronic data traffic and network access.
• Stays current with security news, attacks, threats, vulnerabilities, and technologies and implementing new defenses to secure the threat landscape.
• Adhere to ethical standards and comply with the laws and regulations applicable to the job function

Education, Certifications, or Special Licenses

• A bachelors degree in Computer Science, Computer Engineering or an equivalent combination of education and experience from which comparable knowledge and abilities can be acquired.
• GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC

Network Forensic Analyst (GNFA), AWS Certified Security Specialty or other industry relevant certifications (Cloud-focused).

Relevant Years of Experience Required:

• Minimum 3+ years of progressively responsible experience in an Information Security and/or Cyber Operations environment for mid to large sized organization with familiarity of industry-standard security solutions.
• Minimum of 3 years experience with Perl, Python, or other scripting language in an

incident handling environment.

• Cloud Security experience required.
• Experience with core AWS services such as EC2, VPCs, S3, SNS, Lambda, CloudWatch and CloudTrail and AWS security consoles such as Guard Duty, Macie, etc. is a plus

Other Requirements

• Strong hands-on cyber security skills, experience and demonstrated competency pertaining to cyber threats, information security, monitoring, detection and responding to security incidents.
• Strong knowledge and understanding of incident response phases (detection, triage,

incident analysis, remediation, and reporting), threats, vulnerabilities, and exploits.

• Proven experience designing, implementing, and managing innovative solutions to complex security and infrastructure environments.
• In-depth understanding of operating systems, network/system architecture, protocols, and enterprise services, and enterprise architecture design.
• Ability to analyze different data types from various sources and draw conclusions regarding past and potential current security incidents.
• Experience and/or knowledge of Security Information and Event Management (SIEM) systems.
• Capability to quickly script and parse data.
• Ability to work independently, self-motivate and work within in a team environment.
• Strong critical thinking, analytical and technical problem-solving skills.
• Excellent verbal and written communication skills.