SOC Analyst @ Rite Software

As a Fusion SOC Shift Lead you will support theSecurity Operations Center (SOC) as a lead, performing threat actor-basedinvestigations, recommending detection methodologies, and providing expertsupport to incident response and monitoring functions.

• Act as the main interface point between Service Delivery Managers and SOC service teams
  
• Act as an escalation point and/or SME for all advanced security incident escalations from L1 analysts
  
• Responsible for all SOC shift activities
  
• Perform review and final sign off-of all runbooks and playbooks
  
• Assign and prioritize tasks/tickets to the SOC shift team
  
• Manage ticket queues including escalation of outstanding tickets, tickets requiring updates, and escalation of open tickets where necessary
  
• Provide guidance on process and procedures specific to the clients monitoring environment
  
• Responsible for meeting Service Level Agreement (SLA) requirements
  
• Ensure quality standards are being met by doing ticket audits and reviewing and completing shift turnover logs
  
• Responsible for leading SOC shift handover calls
  
• Provide continuous improvement and on the job training (OJT) for SOC analysts
  
• Manage PTO requests and other schedule issues that impact SOC operations
  
• Coordinate with Cyber Security Engineers to resolve Security information and event management (SIEM) health issues
  
• Coordinate with Service Delivery Managers (SDMs) to enforce specific client requests and provide monitoring updates
  
• Coordinate with SDM to process and complete non-JIRA incidents
  
• Monitor and provide feedback/guidance on incident tickets on trends, patterns and anomalies
  
• Point of escalation for operations/security issues
  
• Ensure quality of FMS SOC service delivery, including policies and Service Level Agreements are met
  
• Assist with analytic investigative support of large scale and complex security incident
  
• Communicate SOC client service delivery issues to SDM and coordinate remediation
  
• Attend client calls as and when needed to assist SDMs with dissemination of security and event information
  
• Familiarity with tools such as: IDS/IPS, DLP, Proxy, WAF, EDR, AV, MVM, Sandboxing, FWs, Threat Intel, Pen Testing, APT
  
• Analysis of network data (e.g., packets, logs) and endpoint data (e.g., logs, malicious artifacts) in both structured and unstructured methods using SIEM and various tools
  
• Review SOC reports and deliverables
  
• Manage security event investigations, partnering with other teams as needed
  

Actively seekself-improvement through continuous learning and pursuing advancement to a SOC Manager

Qualifications

Required:

Bachelor ofScience with a concentration in computer science, information systems,information security, math, decision sciences, risk management, engineering(mechanical, electrical, industrial) or other business/technology disciplinesor equivalent work experience

Overall 2+ years working in a SOC and a minimum of 6 months in an L2 analyst or equivalent capacity and/or strong security technology operations experience as a Senior Analyst/ Shift Lead

CertifiedInformation Systems Security Professional (CISSP), Certification in CertifiedIntrusion Analyst (GIAC), Continuous Monitoring (GMON), Certified EthicalHacker (CEH) or equivalent

Able to work shifts on a rotating basis for 24/7 operational support

Experience insecurity technologies such as: Security information and event management(SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall(WAF), Endpoint detection and response (EDR), Anti-Virus, Sandboxing, network-and host- based firewalls, Threat Intelligence, Penetration Testing, etc.

Knowledge ofAdvanced Persistent Threats (APT) tactics, technics and procedures

Understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity, etc.

Understanding of common network infrastructure devices such as routers and switches

Understanding of basic networking protocols such as TCP/IP, DNS, HTTP

Basic knowledge in system security architecture and security solutions

Preferred:

Provenability to translate complex information sets into specific recommendationsthat can be actioned by customers to enhance their security posture

Workingknowledge of threat analysis and enterprise level mitigation strategies

Workingknowledge of how malicious code operates and how technical vulnerabilities areexploited

Workingknowledge of operating systems and networking technologies in general

Workingknowledge of cyber threats, defenses, motivations and techniques

Excellentinterpersonal and organizational skills

Excellentoral and written communication skills

Stronganalytical and problem-solving skills

Self-motivatedto improve knowledge and skills

Astrong desire to understand the what as well as the why and the how of securityincidents