Associate - SOC Analyst

We are seeking analyst level individuals with experience working in the field of cybersecurity and a desire to help organizations improve their operations to join our team and help run the ongoing security operations for RSM clients in a variety of industries and geographic locations. Successful candidates will have working knowledge in some or all these areas IT operations, security monitoring, active directory, IP networking and various cloud technologies.

Position and Key Responsibilities

At RSM, analysts work with large and small companies in variety of industries. They develop strong working relationships with their peers within the security operations center (SOC) while learning their clients businesses and challenges facing their organizations. Analysts work as part of a broader team under the direction of more senior analysts, threat hunters, shift leads, intelligence analysts and SOC managers in support of multiple clients. Working in a mutually respectful team environment helps our analysts perform at their best and integrate their career with their personal life. You will have the opportunity to:

Role Responsibilities:

• Investigate security incidents using SIEM tools, automation, and other cybersecurity technologies (i.e. ServiceNow, Stellar Cyber, Hyas Insight and DNS Protect, sentinel One, ELK Stack, Virus total, Shodan, NetFlow, Passive DNS, Silobreaker, Tenable.io, Hatching Triage Sandbox)
• Analyze, escalate, and assist in remediation of critical security incidents.
• Improve and challenge existing processes and procedures in a very agile and fast-paced information security environment serving multiple clients
• Process IDS alerts and identifying incidents and events in customer data.
• Setup and execution and analysis of vulnerability scans
• Perform advanced analysis and investigation into alerts as they are identified
• Performing initial basic malware analysis utilizing automated means (static and dynamic sandbox analysis or other available tools)
• Incident intake, ticket updates and reporting of cyber events and threat intelligence
• Understanding, identifying, and researching indicators of compromise (IOCs) from a variety of sources such as threat intelligence reports and feeds
• Writing incident reports, process documentation, and interact with clients as required
• Transcribe and implement atomic indicators into a monitoring environment.
• Consume policy documentation and determine applicability in a network.
• Work with protocols at layers 2 and higher in the OSI model, to include ARP TCP, UDP, ICMP, DNS, Telnet, SSH, HTTP, SSL, SNMP, SMTP, and other common protocols that use well-known ports.
• Develops the playbooks to respond and recovery from various attacks/incidents.
• Drives the automation efforts focused on the closing cases, responding to Cyber events and analyzing data required to enable efficient response activities.
• Processing of Cyber Threat Intel that is used across RSM detection platforms to understand and prepare for potential threats. Threat intel is heavily used across RSM platforms drive issue prioritization.
• Open to working shifts in a 24x7 operations environment.

Qualifications and Experience:

• Minimum B.A. or B.S. degree or equivalent from an accredited university by the time employment commences or prior relevant military / law enforcement experience.
• Computer science, information technology, information systems management, or other similar degrees preferably with a focus on information security

• 3-5 years experience working in a security operations center, networking operations center or threat intelligence capacity.
• Possess at least one security industry certification such as CYSA+, Security+, CISSP, SANS GIAC (GSOC, GCIA, GMON, CGCDA)
• Knowledge of security standards and information security and compliance frameworks, controls, and best practices, including SSAE 16, SOC 2 and SOC3, OWASP Top 10, SANS, NIST
• Must have a naturally curious mindset and approach to solving problems.
• Basic understanding of cloud technologies and their operations
• Experience supporting various operating systems such as Windows/Linux
• Understanding of IP network protocols