Security Analyst, GSOC

ROLES & RESPONSIBILITIES  Reviews alerts generated by SentinelOne and implements appropriate containment and mitigation measuresProficient in SIEM, with a focus on QRadar SIEM, as well as threat monitoring and hunting within SIEM environments.Analyzes payloads using JoeSandbox and escalates to the appropriate team as necessaryCollaborates with the Forensics team to conduct threat hunting using identified Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs)Assists the Tiger Team in targeted collections of systems based on identified malicious activities in the client's environmentConducts historical log reviews to support threat hunting efforts and ensures all malicious artifacts are mitigated in the SentinelOne consoleExamines client-provided documents and files to supplement the SOC investigation and mitigation strategyConducts perimeter scans of client infrastructure and reports any identified vulnerabilities to the Tiger Team for appropriate escalationManages client-related tasks within the ConnectWise Manage ticketing system as part of the Client Handling LifecycleCreates user accounts in SentinelOne console for the clientGenerates Threat Reports showcasing activity observed within the SentinelOne productExecutes passphrase exports as needed for client offboardingSubmits legacy installer requests to ensure the team is properly equipped for deploymentProvides timely alert notifications to the IR team of any malicious activity impacting our clientsAssists with uninstalling/migrating SentinelOneGenerates Ranger reports to provide needed visibility into client environmentsManages and organizes client assets (multi-site and multi-group accounts)Applies appropriate interoperability exclusions relating to SentinelOne and client applicationsPerforms SentinelOne installation / interoperability troubleshooting as neededContributes to the overall documentation of SOC processes and proceduresParticipates in "Handler on Duty (HOD) shifts as assigned to support the TT client mattersInternally escalates support ticket / alerts to Tier II-IV Analysts as neededMay perform other duties as assigned by managementSKILLS AND KNOWLEDGE  Demonstrated knowledge of Windows and Unix operating systemsThorough understanding of Digital Forensics and Incident Response practicesProficiency in advanced analysis techniques for processing and reviewing large datasets in various formatsFamiliarity with TCP/IP and OSI Model concepts at a basic levelExpertise in the Incident Response Life Cycle stages (Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned)Working knowledge of the MITRE ATT&CK framework at an intermediate levelProven ability to work independently and solve complex problems with little direction from managementHighly detail-oriented and committed to producing quality workJOB REQUIREMENTS Associate's degree and 6+ years of IT related experience or Bachelor's Degree and 2-5 years related experienceCurrent or previous knowledge of, or previous experience with, Endpoint Detection and Response (EDR) toolsetsGeneral knowledge of the Incident Handling LifecycleAbility to communicate in both technical and non-technical terms both oral and writtenDISCLAIMER The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified. WORK ENVIRONMENT While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job.PHYSICAL DEMANDS No physical exertion requiredTravel within or outside of the stateLight work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objectsTERMS OF EMPLOYMENT Salary and benefits shall be paid consistent with Arete salary and benefit policy.FLSA OVERTIME CATEGORY Job is exempt from the overtime provisions of the Fair Labor Standards Act.DECLARATION The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.EQUAL EMPLOYMENT OPPORTUNITY We're proud to be an equal opportunity employer- and celebrate our employees' differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better. #LIArete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.When you join Arete…You'll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we're about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.Equal Employment OpportunityWe're proud to be an equal opportunity employer- and celebrate our employees' differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.