Security Analyst (SOC Analyst)

Position Title: Security Analyst (SOC Analyst)

Job Description:

The Security Analyst I role is a critical position within the organization. The primary function of the role will be to provide monitoring of deployed customer environments for security events. This includes establishing the extent of a threat, the business impact, and advising the most suitable course of action to contain and remedy the event. A Cybersecurity Technician will serve as an escalation point to the subject matter expert for in-depth cybersecurity events and must be able to communicate effectively to all stakeholders during the event management process.

Key Responsibilities

Additional Responsibilities

• Maintain accurate and real-time timesheets, record complete and accurate notes of troubleshooting and communication with clients
• Receive mentoring and feedback from peers and others
• Where appropriate, escalate complicated issues to a more senior resource or other appropriate teams
• Review Tickets with Manager
• Actively Participate in Team Huddles, L10 Meetings, One on One Meetings, and any other Team Meetings
• Create and update documentation when changes occur, or when discoveries are made
• Attend monthly training & team meetings as required
• Additional duties as required

Skills, Knowledge, and Expertise

• Two years work experience in the Information Security or related fields
• Two or more current security-related industry certifications
• Experience with SIEM platforms, firewall management, and endpoint detection and response platforms
• One year or more of experience with EDR solutions, ESGs, vulnerability management, and content filtering
• Good problem-solving and decision-making skills; ability to understand and analyze complex issues
• Self-motivated, detail-oriented, highly organized, and able to handle a variety of tasks and responsibilities in an efficient manner with a high level of quality
• One of the following certifications preferred: CompTIA Security+, CompTIA CySA+, CCNA, C|EH, SSCP, or equivalent

2. Manage the security event monitoring and incident response ticket queues and triage as appropriate to meet the established service level agreements
3. Promptly transfer cybersecurity tickets to the client or internal point of contact
4. Clearly convey indicators of compromise, isolation, and remediation steps
5. Analyze and interpret system, security, and application logs in order to diagnose faults, spot abnormal behavior, and rule out false positives
6. Effectively utilize End Detection and Response tools to investigate alerts, anomalies, and build accurate timelines related to possible compromise
7. Follow established procedures to investigate, escalate, contain, or eradicate malicious activity
8. Develop and deliver written and oral reports to clients, teammates, and management to aggregate and communicate security information and metrics
9. Provide input and recommendations to improve internal processes and procedures related to SOC duties and responsibilities
10. Participate in threat-hunting activities and other special projects as required
11. Understand and follow, our set of standards and processes that produce a predictable result for the client. You must be aware of and maintain our standards.