Sr SOC Analyst
Company: Bridge Technologies and Solutions
Location: Bonita Springs, Florida
Posted on: April 28, 2024
Job Description:
Security Operations Analyst (SOC)
Job Purpose
The SOC Analyst will perform 24/7/365 monitoring and response
activities in the Cyber Security Operations Center for security
detection and mitigation activities. Duties include monitoring
networks, hosts and endpoints for malicious activity using Security
Information and Event Management (SIEM) tools, Endpoint Detection and
Response (EDR) tools, Antivirus and Malware detection tools and
email security appliances. Responsibilities cover initial triage,
investigation and incident response, the development of new
security monitoring use cases, and ensuring all investigative
activity is properly documented in our ticketing systems and
followed up with relevant support teams. This role will also take
joint responsibility for developing and maintaining SOC
documentation and processes.
The SOC Analyst position is a rotating shift position that includes
nights, weekends and occasional holidays.
Key Accountabilities
- Responsible for working in a 24x7 Security Operation Center
(SOC) environment.
- Provide analysis and trending of security log data from a large
number of heterogeneous security devices.
- Provide initial triage and incident response support when
analysis confirms an actionable incident.
- Investigate, document, and report on information security
issues and emerging trends.
- Integrate and share information with other analysts and other
teams.
- Relevant work experience in Cyber Security Operations,
specifically monitoring, detection and incident response
duties.
- Experience with monitoring and operating SIEM, EDR and IDS/IPS
solutions alongside other critical monitoring toolsets.
- Demonstrated ability to coordinate and respond to security
incidents using commercial and/or open source technologies.
- Experience with incident response methodology in investigations,
and with the groups behind targeted attacks and their tactics,
techniques, and procedures (TTPs).
- Comprehension of how attacks exploit operating systems and
protocols.
- Analyze and determine the scope of the compromise.
- To research targeted attacks.
- To develop, document and execute containment strategies.
- To document and brief the business on remediation options and
execute the plan with IS Partners.
- Produce the final report and recommendations.
- Coordinate efforts of, and provide timely updates to, multiple
business units during response.
- To perform in-depth analysis in support of incident response
operations.
- Develop requirements for technical capabilities for cyber
incident management.
- Investigate major breaches of security and recommend
appropriate control improvements.
Qualifications
- Relevant experience in a Security Operations environment is
required.
- Solid understanding of networking protocols and infrastructure
designs, including cloud infrastructures, routing, firewall
functionality, host and network intrusion detection systems,
encryption, load balancing, and other network protocols.
- Hands-on experience with security technologies, including:
- Intrusion Detection & Prevention (IDS/IPS): Sourcefire or Palo
Alto desirable
- Security Information & Event Management (SIEM): Splunk
required
- Endpoint Detection & Response (EDR): Tanium and FireEye HX
desirable
- Network analysis tools: Wireshark, tcpdump
- Experience with scripting in Python, Bash and PowerShell
- Experience with the following SecOps processes is required:
- Email investigations, including header analysis, Office
document investigations and macro extraction
- Basic malware analysis (static and dynamic)
- Event log analysis
- Solid understanding of Windows and Linux Operating Systems
- Strong understanding of TCP/IP and underlying network
protocols.
- Excellent stakeholder management and influencing skills
covering colleagues, partners / vendors and project sponsors.
- Experience managing and/or supporting the operationalization of
security tools and infrastructure.
- Experience managing and responding to information security, or
cyber security, incidents in a large enterprise environment.
- Strong background in information security incident management
and response.
- Experience interacting as an information security incident
responder with internal business functions, e.g. legal, Ethics, HR
and physical security.
- Experience interacting as an information security incident
responder with law enforcement and other external agencies such as
FIRST or National Computer Emergency Response Teams.
- Utilities experience highly desirable.
Key Interfaces
- Security Operations Centre Analysts
- Global Security Operations Manager
- Incident Management Team (UK & US)
- Threat Intelligence Team
- Pen Testing Team
- Security Engineering Function
- IS partners and Service providers (Service Delivery & Major
Incident Management)
- OT Technical support