Sr SOC Analyst
Company:

Bridge Technologies And Solutions


Details of the offer

Security Operations Analyst (SOC)

Job Purpose

The SOC Analyst will perform 24/7/365 monitoring and response activities in the Cyber Security Operations Center for security detection and mitigation. Duties include monitoring networks, hosts and endpoints for malicious activity using Security Information and Event Management (SIEM) tools, Endpoint Detection and Response (EDR) tools, antivirus and malware detection tools and email security appliances. Responsibilities cover initial triage, investigation and incident response, the development of new security monitoring use cases, and ensuring all investigative activity is properly documented in our ticketing systems and followed up with the relevant support teams. The role also takes joint responsibility for developing and maintaining SOC documentation and processes.

The SOC Analyst position is a rotating shift position that includes nights, weekends and occasional holidays.

Key Accountabilities

- Work in a 24x7 Security Operations Center (SOC) environment.
- Provide analysis and trending of security log data from a large number of heterogeneous security devices.
- Provide initial triage and incident response support when analysis confirms an actionable incident.
- Investigate, document, and report on information security issues and emerging trends.
- Integrate and share information with other analysts and other teams.
- Relevant work experience in Cyber Security Operations, specifically monitoring, detection and incident response duties.
- Experience with monitoring and operating SIEM, EDR and IDS/IPS solutions alongside other critical monitoring toolsets.
- Demonstrated ability to coordinate and respond to security incidents using commercial and/or open source technologies.
- Experience with incident response methodology in investigations, and with the groups behind targeted attacks and their tactics, techniques, and procedures (TTPs).
- Comprehension of how attacks exploit operating systems and protocols.
- Analyze and determine the scope of a compromise.
- Research targeted attacks.
- Develop, document and execute containment strategies.
- Document and brief the business on remediation options and execute the plan with IS partners; produce a final report and recommendations.
- Coordinate the efforts of, and provide timely updates to, multiple business units during response.
- Perform in-depth analysis in support of incident response operations.
- Develop requirements for technical capabilities for cyber incident management.
- Investigate major breaches of security and recommend appropriate control improvements.

Qualifications

- Relevant experience in a Security Operations environment is required.
- Solid understanding of networking protocols and infrastructure designs, including cloud infrastructures, routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network protocols.
- Hands-on experience with security technologies, including:
  - Intrusion Detection & Prevention (IDP): Sourcefire or Palo Alto desirable
  - Security Information & Event Management (SIEM): Splunk required
  - Endpoint Detection & Response (EDR): Tanium and FireEye HX desirable
  - Network analysis tools: Wireshark, tcpdump
  - Scripting in Python, Bash and PowerShell

Experience with the following SecOps processes is required:

- Email investigations, including header analysis, Office document investigations and macro extraction
- Basic malware analysis (static and dynamic)
- Event log analysis
- Solid understanding of Windows and Linux operating systems
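As an added illustration of the header-analysis skill listed above (example code written for this page, not material from Bridge Technologies or from the posting itself), the following Python script performs the first pass of an email investigation: it walks the Received chain to find the relay that handed the message to the organisation, reads the SPF/DKIM/DMARC verdicts recorded in Authentication-Results, and flags mismatches between the From, Return-Path and Reply-To domains. The sample message, hostnames and addresses are constructed for the example; only the standard library is used.

```python
"""Header triage for a suspicious email: the first step of an email
investigation before any attachment is opened. Standard library only."""
import email
import re

# Constructed sample message for this example (not a real capture). The
# display From: claims the corporate domain while Return-Path and Reply-To
# point elsewhere, and the receiving MX recorded SPF/DKIM/DMARC failures.
SAMPLE_MAIL = b"""\
Return-Path: <bounce@mail-campaign.example>
Received: from mx.corp.example (mx.corp.example [203.0.113.10])
 by inbox.corp.example with ESMTP id abc123; Tue, 7 May 2024 09:15:02 +0000
Received: from relay.mail-campaign.example (relay.mail-campaign.example [198.51.100.7])
 by mx.corp.example with ESMTP id xyz789; Tue, 7 May 2024 09:15:01 +0000
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mail-campaign.example;
 dkim=fail header.d=mail-campaign.example; dmarc=fail header.from=corp.example
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: helpdesk-support@mail-campaign.example
To: user@corp.example
Subject: Urgent: password expiry
Message-ID: <1@mail-campaign.example>

Please review the attached document.
"""

# Matches "local@domain" with or without angle brackets at the end of a header.
ADDR_RE = re.compile(r"<?([^<>\s]+)@([^<>\s]+?)>?$")


def domain_of(header_value):
    """Lower-cased domain part of an address header, or None if absent."""
    if not header_value:
        return None
    match = ADDR_RE.search(" ".join(header_value.split()))
    return match.group(2).lower() if match else None


def received_chain(msg):
    """Received hops as {'from': host, 'by': host}, oldest hop first.
    Each relay prepends its own Received header, so the top-most header is
    the most recent hop; the list is reversed to read in delivery order."""
    hops = []
    for raw in msg.get_all("Received", []):
        flat = " ".join(raw.split())  # unfold continuation lines
        m_from = re.search(r"\bfrom\s+(\S+)", flat)
        m_by = re.search(r"\bby\s+(\S+)", flat)
        hops.append({"from": m_from.group(1) if m_from else None,
                     "by": m_by.group(1) if m_by else None})
    hops.reverse()
    return hops


def auth_results(msg):
    """SPF/DKIM/DMARC verdicts recorded by the receiving MX."""
    verdicts = {}
    for raw in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", raw, re.I):
            verdicts[mech.lower()] = result.lower()
    return verdicts


def triage(raw_bytes):
    """Return header facts plus the list of indicators found."""
    msg = email.message_from_bytes(raw_bytes)
    from_dom = domain_of(msg.get("From"))
    return_path_dom = domain_of(msg.get("Return-Path"))
    reply_to_dom = domain_of(msg.get("Reply-To"))
    hops = received_chain(msg)
    auth = auth_results(msg)

    findings = []
    # Envelope sender or reply target in a different domain than the display From.
    if from_dom and return_path_dom and from_dom != return_path_dom:
        findings.append("return-path-mismatch")
    if from_dom and reply_to_dom and from_dom != reply_to_dom:
        findings.append("reply-to-mismatch")
    # Any recorded verdict other than pass is worth a look (fail, softfail, none...).
    for mech in ("spf", "dkim", "dmarc"):
        if mech in auth and auth[mech] != "pass":
            findings.append(f"{mech}-{auth[mech]}")

    return {
        "from_domain": from_dom,
        "return_path_domain": return_path_dom,
        "reply_to_domain": reply_to_dom,
        "entry_relay": hops[0]["from"] if hops else None,  # external relay that reached our MX
        "hops": hops,
        "auth": auth,
        "findings": findings,
        "verdict": "suspicious" if findings else "no-header-indicators",
    }


if __name__ == "__main__":
    result = triage(SAMPLE_MAIL)
    for key in ("from_domain", "return_path_domain", "reply_to_domain", "entry_relay", "auth", "findings", "verdict"):
        print(f"{key}: {result[key]}")
```

The Received chain is only trustworthy from the organisation's own MX inward; anything below that hop was written by the sender and can be forged, which is why the script reports the entry relay rather than the bottom-most "from" host as the origin.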

- Strong understanding of TCP/IP and underlying network protocols.
- Excellent stakeholder management and influencing skills covering colleagues, partners/vendors and project sponsors.
- Experience managing and/or supporting the operationalization of security tools and infrastructure.
- Experience managing and responding to information security or cyber security incidents in a large enterprise environment.
- Strong background in information security incident management and response.
- Experience interacting as an information security incident responder with internal business functions, e.g. Legal, Ethics, HR and physical security.
- Experience interacting as an information security incident responder with law enforcement and other external agencies such as FIRST or national Computer Emergency Response Teams.
- Utilities experience highly desirable.

Key Interfaces

- Security Operations Centre Analysts
- Global Security Operations Manager
- Incident Management Team (UK & US)
- Threat Intelligence Team
- Pen Testing Team
- Security Engineering Function
- IS partners and service providers (Service Delivery & Major Incident Management)
- OT Technical Support



Source: Grabsjobs_Co



Built at: 2024-05-08T10:33:58.086Z