SOC Analyst(NCS/Job/ 1177)

This position is for a core team member at best “a Technical Lead” NOT “Soc Manager” to supplement the firm’s growing cyber security monitoring function, starting from 5 to max 10yrs of experience having hands on L3/Engineering level work in most recent projects.

The candidate will join a team currently responsible for:

• Providing first level response for security events including but not limited to intrusion detection, malware infections, denial of service attacks, privileged account misuse and network breaches. The event management includes triage, correlation and enrichment of individual events to either rule out as false positive, trigger standard detective and corrective responses, or escalating as a security incident.

• Improving the service level for security operations and monitoring. Creating and maintaining system documentation for security event processing. Expand the usage of security monitoring tools to improve the security of the environment based on business use cases or changes in threat landscape, root causes from security incident response, or output from security analytics

• Monitoring the Security Information and Event Management (SIEM) platform for security alerts.

• Providing metrics and reports around security monitoring by designing dashboards for asset owners and management consumption. Leveraging existing technologies within the organization to expand the scope of coverage of the security monitoring service.

• Provide technical and thought leadership within SOC by: o Teaching other SOC Analysts about both traditional and unconventional ways to detect, analyze, and mitigate security incidents and other anomalies o Regularly recommending new SOC practices and approaches to address program and process improvement

• Performs analysis duties, including: o Review of available logs to confirm there are adequate quantities and content to usefully provide Security Monitoring o Triage SIEM alerts to determine False Positive, Incident, or Technology Misconfiguration o Perform research at the request of Incident Response teams

• Perform case management activities to ensure successful BAU Security Monitoring Operations, including: o Documenting case activities in the system of record o Documenting current case notes sufficient for effective shift handover, as well as reviewing current status via teams, email or phone call o Engaging in all forms of communications (e.g. phone calls, instant-messaging, web page updates) to ensure cases are efficiently investigated by all approved parties, regardless of what company, department, or team to which they are a member

• Author Standard Operating Procedures (SOPs), such as: o Incident detection “use case” needs, logic, and implementation methods o “use case” alert triage workflows o Training documentation o Recommending, then implementing approved program improvements

• Reviews and analyzes complex data and information to provide insights, conclusions and actionable recommendations. Provides direction and guidance on reports and analyses and ensures recommendations are aligned with customer/business needs and capabilities.

• Ensures that all significant security concerns are addressed.

• Recommends course of action to mitigate risk and ensures that appropriate standards are established and published.