Security Analyst

POSITION SUMMARY:

The SOC Analyst (Level 1) will use a variety of tools to investigate incidents and take immediate action or recommend a course of action to safeguard Incedos Managed Services Clients.

The SOC Analyst (Level 1) is responsible for monitoring and responding to security related alerts triggered in the SIEM tool within Incedos Technology Partners Managed Service Clients.

Primary responsibilities include incident triage, correlation of data from firewall, endpoint security, SASE and IPS logs; determining if a critical system or data set has been impacted; provides recommendations on remediation; and provides support for new analytic methods for detecting threats.

Role and responsibilities:

• Ensure that all SOC (Security Operations Center) tickets are handled and resolved within SLAs (Service Level Agreements).
• Perform detailed analysis of threats and security events, using sound analytical skills, knowledge, and experience, with a clear narrative to support conclusions.
• Maintain records of security events investigated, detailed notes of security incident resolution, and incident response activities, utilizing ticketing systems.

• Make situational incident response recommendations based on best practice security policies that address the clients business need.

• Research and stay up to date with current security vulnerabilities, attacks, threat actors, security advisories and the MITRE Attack Framework.

• Manage, maintain, and monitor security alerting systems from remote communications sites to ensure company compliance.
• Create and run search queries in SIEM tool to help with identifying and troubleshooting security issues.
• Utilize tools (e.g., Wireshark, Nmap, PCap, etc.) to identify and map devices on the network.
• Open, track and close trouble tickets.

Technical Skills

• Answer incoming hot line calls and monitor various e-mail accounts and act according to SOC procedures and processes.
• Interface with client through email, phone calls, and meetings or Aspire field personnel to mitigate security incidents.
• Assist with the preparation of SOC reports, research papers, and blog posts.
• Investigate and provide technical analysis of various security incidents and possible compromise of systems.
• Works as Tier I/L1 support and will work directly with Tier II/L2 and TIER III/L3 and NOC Engineers for issue resolution.
• Provide direct communication to affected users and companies on security incidents and maintenance activities.
• Maintain customer technical information within defined documentation standards.
• Obtain/maintain technical/professional certifications applicable to position or as directed.
• Communicate with customers, peers, team, and managers regarding incident and change management.
• Provide emergency on-call support on a rotating schedule.
• Perform other duties as assigned.

Nice-to-have skills

• Possession of an Industry Certification (Security+, CySA+, Cisco Cyber-Ops Associate, NSE4, or similar)
• 1+ years of experience in Security Management. SIEM and Log Management (MS Sentinel , IBM QRadar ,Splunk, OSSIM, FortiSIEM, LogRhythm, etc.)
• Experience with Firewalls (Palo Alto Networks, Cisco Firepower Manager)
• Experience with Endpoint Security (Cisco Secure Endpoint, CrowdStrike Falcon, Carbon Black, Microsoft Advanced Threat Protection)
• Experience with Network Traffic Analytics (Cisco Stealthwatch Cloud, Darktrace)
• Experience with DNS Security (Cisco Umbrella, Forcepoint)
• 2+ years of experience with Ticket Management Tools (e.g., ConnectWise, ServiceNow)

Qualifications: Education and Experience

• Bachelors degree in computer science, Information Technology, or a related field.

• Experience of 2 to 3 years relevant experience.

• 1+ year of professional work experience in cyber security field

• 1+ year of experience with Security Event / Alert Management, Incident Response, and Change Management Processes
• 1+ year of experience handling security events related to Malware Detection and Analysis, Indicators of Compromise (IOC), Email Phishing, Endpoint Detection and Response (EDR)
• Knowledge of Runbooks, Playbooks and following Standard Operating Procedures

• Strong troubleshooting and problem-solving skills.

• Excellent communication and interpersonal skills.

• Ability to work independently and as part of a team.
• Strong organizational and time management skills.
• Willingness to work after hours and provide on-call support.