Cybersecurity Specialist

We are seeking a skilled Security Operations Center (SOC) Analyst to join our team.

The SOC Analyst will play a critical role in monitoring and analyzing security logs to detect and respond to potential security threats.

• Key responsibilities include:
• Monitoring, analyzing, and interpreting security/system logs for events, operational irregularities, and potential incidents, and escalating issues as appropriate.
• Responsible for monitoring, detection of analysis through various input tools and systems (SIEM, IDS/IPS, Firewalls, EDR, etc.).
• Conduct basic red team exercises to test the effectiveness of preventive and monitoring controls.
• Provides support for complex system/network exploitation and defense techniques to include deterring, identifying, and investigating system and network intrusions.
• Supports malware analysis, host and network, log analysis, and triage in support of incident response.
• Maintaining and improving the security technologies deployed, including creating use cases, customizing or better configuring the tools based on past and current threats.
• Monitors the threat/vulnerability landscape, security advisories, and acts on them as appropriate.
• Continuously monitors the security alerts and escalation queue, triages security alerts.
• Monitors and tunes SIEM (content, parsing, maintenance).
• Monitors Cloud infrastructure for security-related events.
• Delivers scheduled and ad-hoc reports.
• Develops and coaches L1 analysts.
• AUTHOR STANDARD OPERATING PROCEDURES (SOPs) AND TRAINING DOCUMENTATION.
• Works the full ticket lifecycle; handles every step of the alert, from detection to remediation.
• Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
• Performs threat-intel research, learns new attack patterns, actively participates in security forums.

To be successful in this role, you must possess the following qualifications:

• Bachelor's degree in Engineering or closely related coursework in technology development disciplines.
• Certifications like CISSP, CEH, CISM, GCIH, GCIA are also required.
• Experience with the following or related tools: SIEM Tools such as Splunk, IBM QRadar, SecureOnix; Case Management Tools such as Swimlane, Phantom, etc.; EDR tools such as Crowdstrike, Sentinel, VMware, McAfee, Microsoft Defender ATP, etc.
• 5+ years of SOC related work experience.
• Full understanding of SOC L1 responsibilities/duties and how the duties feed into L2/L3.
• Advanced knowledge of TCP/IP protocols and event log analysis.
• Strong understanding of Windows, Linux and networking concepts.
• Experience analyzing both log and packet data to include the use of WireShark, tcpdump and other capture/analysis tools.
• Good understanding of security solutions including SIEMs, Web Proxies, EDR, Firewalls, VPN, authentication, encryption, IPS/IDS etc.
• Functional understanding of Cloud environments.
• Ability to conduct research into IT security issues and products as required.
• Working in a TAT based IT security incident resolution practice and knowledge of ITIL.
• Knowledge and experience with scripting and programming (Python, PERL, etc.) are also highly preferred.
• Malware analysis and reverse engineering is a desired skill.

The ideal candidate will possess the following attributes:

• Self-starter and quick learner requiring minimal ramp-up.
• Excellent written, oral, and interpersonal communication skills.
• Highly self-motivated, self-directed, and attentive to detail.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.