Description
The Security Operation Center (SOC) Analyst position is hybrid, so some on-site work is required. Work hours are Monday - Friday, with on-call duties every few weeks.
The Security Operation Center (SOC) Analyst is responsible for the following:
* Monitor security events and alerts from various sources including SIEM (Security Information and Event Management) tools, intrusion detection/prevention systems, antivirus systems, and other security tools.
* Analyze security alerts to identify potential cybersecurity incidents and assess their severity.
* Conduct in-depth investigations into security incidents, including determining the root cause, impact, and extent of the compromise.
* Utilize threat intelligence sources to enhance the detection and analysis of security threats.
* Respond promptly to security incidents, following established procedures and protocols.
* Coordinate with internal teams and external stakeholders to contain and mitigate security incidents.
* Document all incident response activities, including actions taken, findings, and remediation steps.
* Assist in identifying and assessing vulnerabilities within the organization's systems and networks.
* Coordinate with system administrators and other stakeholders to prioritize and remediate vulnerabilities in a timely manner.
* Track and report on the status of vulnerability remediation efforts.
* Proactively search for signs of malicious activity within the organization's environment.
* Develop and execute threat hunting methodologies and techniques to identify advanced threats that may evade traditional security measures.
* Manage and maintain security tools and technologies, ensuring they are properly configured and updated.
* Collaborate with the IT team to deploy, configure, and tune security solutions for maximum effectiveness.
* Generate regular reports on security incidents, trends, and metrics for management review.
* Maintain detailed documentation of security incidents, investigations, and remediation efforts.
* Provide guidance and training to other members of the IT team on security best practices, incident response procedures, and emerging threats.
* Participate in security awareness programs to educate employees about cybersecurity risks and mitigation strategies.
* Stay current with the latest cybersecurity trends, threats, and technologies.
* Recommend and implement enhancements to security monitoring and detection capabilities.
Requirements
Required skills and experience:
* Strong understanding of cybersecurity principles, protocols, and best practices.
* Experience with SIEM tools, intrusion detection/prevention systems, and other security technologies.
* Knowledge of networking concepts and protocols.
* Excellent analytical and problem-solving skills.
* Strong communication and interpersonal skills.
* Ability to work effectively both independently and as part of a team.
Other skills/experience would be helpful:
* A strong working knowledge of NIST SP 800-53, NIST SP 800-171, FISCAM, OMB-A123, PCI, SSAE-16 controls (SOC 1) is a plus.
* Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
* 2+ years of experience in a security operations role, preferably in a SOC environment.
* Proficiency in incident response methodologies and tools.
* Relevant certifications such as Security+, GIAC, CISSP, or equivalent are a plus.