|Reports to||Head of SoC|
Job Responsibilities & Experience
As a Security Analyst – SOC, you are responsible for managing day to day operations of Security Device Management SIEM, incident response, threat hunting, Use case engineering, SOC analyst, device integration with SIEM. You are also Responsible for identifying, reporting and tracking system vulnerabilities within corporate, commercial and federal assets ensuring the integrity of the environment.
Daily Activities include:
- Operation of various scanning tools in use
- Assessment and analysis data collected from scan tools
- Tracking and reporting on discovered vulnerabilities and remediation efforts
- Identification of overdue system remediation efforts
- Sourcing and tracking of public and pre-embargoed vulnerability disclosure sources.
- Analysis and reporting of all applicable publicly disclosed zero-day vulnerabilities.
- Coordination with system owners to identify and remediate scan problems
- Coordination with system owners to provide requested details about scan findings, scan methodologies and remediation recommendations
- Assisting Program Managers with reporting and continuous motion on remediation efforts
- General SIEM monitoring, analysis, content development, and maintenance.
- Monitor a strategic, comprehensive corporate, commercial and federal information security monitoring and operation program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization
- Daily security activities related to the protection of corporate and other federal assets including scanning tools and ticketing systems documenting the identification and remediation process for identified system flaws
- Provide information to system owners of flaws identified within that group’s responsible systems.
- Assist in risk assessment duties including reporting and oversight of remediation efforts
- Research, analysis, and response for alerts; including log retrieval and documentation.
- Conduct analysis of network traffic and host activity across a wide array of technologies and platforms.
- Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.
- Enterprise-level experience managing the remediation of vulnerabilities in two or more of the following areas: Server Operating Systems (Windows Server, Red Hat, CentOS)
- Network (Cisco, Palo Alto, F5, McAfee)
- Storage (NetApp, CleverSafe)
- Manage multiple projects with various priority levels and time lines from start to finish
- Develop and maintain accurate documentation for internal procedures and services
- Maintain knowledge of outstanding vulnerability management issues and ensure remediation timelines are completed by required guidelines
- Thorough understanding of how to calculate CVSS v2 and v3 adjusted scores
- Must collaborate with other departments to resolve complex issues and be detail oriented
- Ability to automate solutions to repetitive problems/tasks
Required Technical and Professional Expertise:
- Overall 3+ years of relevant cyber security experience in IT Security, Incident Response or network security with strong knowledge working in a Security Operations Center.
- Experience with: SIEM (QRadar, Splunk, Nitro, etc.), SOAR (Resilient, Demisto, ServiceNOW, etc.), Ticketing (JIRA, ServiceNow, Remedy, etc.)
- Minimum 1+ Years of experience in Security Operation Centre with SIEMs or 1+ years of applicable experience with Linux/UNIX systems in a production environment
- Knowledge of generic information security standards/programs. Understanding of basic network concepts, familiarity with TCP/IP and VLAN functionality
- Experience with risk management, vulnerability management, threat analysis, security auditing, security monitoring, incident response and other information security practices preferred
- Expertise in Security Device Management SIEM, Qradar, Incident Response, Threat Hunting, Use case engineering, SOC analyst, device integration with SIEM
Preferred Technical and Professional Expertise:
- Security+, Linux+, GREM, GCFA, GNFA, OSCP, or similar certification preferred
- Experience with the common tools associated with penetration testing (Metasploit, Burp Suite, Kali etc.)
- Ability to effectively code in a scripting language (Python, Perl, etc.)
To apply for this job email your details to email@example.com