Sr SOC Analyst

Company: Bridge Technologies and Solutions
Location: Bonita Springs
Posted on: April 28, 2024

Job Description:

Security Operations Analyst (SOC)
Job Purpose
The SOC Analyst will perform 24/7/365 monitoring and response activities in the Cyber Security Operations Center for security detection and mitigation activities. Duties include monitoring networks, hosts and endpoints for malicious activity using Security Incident and Event Management (SIEM) tools, Endpoint Detection and Response (EDR) tools, Antivirus and Malware detection tools and email security appliances. Responsibilities cover initial triage, investigation and incident response, the development of new security monitoring use cases, and ensuring all investigative activity is properly documented in our ticketing systems and followed up with relevant support teams. This role will also take joint responsibility for developing and maintaining SOC documentation and processes.

The SOC Analyst position is a rotating shift position that includes nights, weekends and occasional holidays.
Key Accountabilities

• Responsible for working in a 24x7 Security Operation Center (SOC) environment.
• Provide analysis and trending of security log data from a large number of heterogeneous security devices.
• Provide Initial triage and Incident Response support when analysis confirms actionable incident.
• Investigate, document, and report on information security issues and emerging trends.
• Integrate and share information with other analysts and other teams.
• Relevant work experience in Cyber Security Operations, specifically monitoring, detection and incident response duties.
• Experience with monitoring and operating SIEM, EDR and IDS/IPS solutions alongside other critical monitoring toolsets.
• Demonstrated ability to coordinate and respond to security incidents using commercial and/or open source technologies.
• Experience with Incident Response methodology in investigations, and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs)
• Comprehension of how attacks exploit operating systems and protocols
• Analyze and determine the scope of the compromise.
• To research targeted attacks.
• To develop, document and execute containment strategies.
• To document and brief the business on remediation options and execute the plan with IS Partners - Produce final report and recommendation.
• Coordinate efforts of, and provide timely updates to, multiple business units during response.
• To perform in-depth analysis in support of incident response operations.
• Develop requirements for technical capabilities for cyber incident management.
• Investigate major breaches of security and recommending appropriate control improvements. Qualifications
  • Relevant experience in a Security Operations environment is required.
  • Solid understanding of networking protocols and infrastructure designs; including cloud infrastructures, routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network protocols.
  • Hands-on experience with security technologies, including:
    • Intrusion Detection & Prevention (IDP) Sourcefire or Palo Alto desirable
    • Security Information & Event Management (SIEM) Splunk required
    • Endpoint Detection & Response (EDR) Tanium and FireEye HX desirable
    • Network Analysis tools - Wireshark, tcpdump
    • Experience with scripting in Python, Bash and Powershell
    • Experience with the following SecOps processes is required:
      • Email Investigations Including Header Analysis, Office Doc Investigations and Macro Extraction
      • Basic Malware Analysis Static and Dynamic analysis
      • Event Log analysis
      • Solid understanding of Windows and Linux Operating Systems
      • Strong understanding of TCP/IP and underlying network protocols.
      • Excellent stakeholder management and influencing skills covering colleagues, partners / vendors and project sponsors.
      • Experience managing and/or supporting the operationalization of security tools and infrastructure.
      • Experience of managing and responding to information security, or cyber security, incidents in a large enterprise environment Strong background of information security incident management and response.
      • Experience interacting as an information security incident responder with internal business functions, e.g. legal, Ethics, HR and physical security.
      • Experience interacting as an information security incident responder with law enforcement and other external agencies such as FIRST or National Computer Emergency Response Teams.
      • Utilities experience highly desirable. Key Interfaces
        • Security Operations Centre Analysts
        • Global Security Operations Manager
        • Incident Management Team (UK & US)
        • Threat Intelligence Team
        • Pen Testing Team
        • Security Engineering Function
        • IS partners and Service providers (Service Delivery & Major Incident Management)
        • OT Technical support

Keywords: Bridge Technologies and Solutions, Cape Coral , Sr SOC Analyst, Professions , Bonita Springs, Florida