ABOUT THE ROLE
Title: SOC Analyst L2
Department: Managed SOC
Classification: Full-time, Exempt
Reports to: SOC Manager
Manages: N/A
Location: Scottsdale, Arizona
Travel: < 5%
On-Call: Yes
PRIMARY FUNCTION
The L2 SOC Analyst plays a key role in the delivery of GMI services. The focus of this role is to deliver assigned projects or managed SOC services efficiently, effectively, on time and within budget, ensuring the highest level of client satisfaction. The L2 SOC Analyst works under the direction of a SOC Manager and Principal DevOps Engineer, who provide oversight and guidance.
The primary function of this role includes investigating and analyzing security events (attacks, alerts, event logs, etc.) to provide actionable remediation guidance, and collaborating with highly skilled cyber experts to mitigate evolving threats. This role is expected to perform as a continuous learner seeking to become a subject matter expert on emerging threats for assets, identities, clients, metrics and reporting, and interactions to ensure business and regulatory directives have been met. The L2 SOC Analyst will be required to communicate with internal and external staff, independently investigate and analyze incidents, determine root cause, consult on department initiatives and projects, develop supporting documentation to meet design specifications of a layered defensive strategy, and perform knowledge transfer to internal GMI team members.
GENERAL RESPONSIBILITIES
People are the most important part of GMI and the reason we are successful. The Analyst will:
- Demonstrate and promote an understanding and commitment to the GMI culture and core values
- Build credibility with clients by setting and executing against expectations in line with managed scope
- Maintain and proactively manage utilization target assigned by leadership
- Ensure accurate time reporting and accountability to tasks
- Outstanding work ethic with a proactive mindset and passion for Cyber Security
- Demonstrate the ability to work in a continuous learning and process improvement environment
- Speak fluently about GMI services and communicate business opportunities to the sales team
- Identify and foster industry relationships to promote the GMI brand
Process is a foundational component of our service delivery and guides our team to success. The IR Analyst will:
- Work directly with the internal engagement lead and client to review sold projects or services prerequisites, review and gather requirements, design, and implement solutions
- Review expectations committed to during the sales process, understand and manage any changes in expectations and manage them throughout the engagement, communicate and resolve exceptions with leadership
- Collaborate with internal team members to drive client success through innovation, experience and thought leadership
- Continuously improve product and process through project execution experience
- Continuously optimize internal GMI delivery "run-books" and internal delivery documentation
Technology expertise is why our customers trust GMI. We deliver custom solutions based on specific customer challenges. The IR Analyst III will:
- Serve as an escalation point for L1 SOC Analyst, while working collaboratively and independently to triage potential incidents
- Ability to research, analyze, and document findings, including root cause analysis
- Provide advanced subject matter expertise, guidance, and recommendations to drive successful client outcomes
- Implement and/or operate security technology solutions which include design development, integration plans, deliverable documentation, and knowledge transfer
- Initiate research and formulate solutions without explicit direction
- Receive technical mentoring by a senior member of the team
- Execute a technology training regimen, overseen by a senior member of the team, to advance capabilities
- Provide mentoring to peers
QUALIFICATIONS
Education
- A bachelor's degree in CS, Math, Engineering, MIS, CIS or related field is preferred, but not required.
Skills and Certification
- Google IT Certificate, Azure Certified Administrator, CCNA
- CompTIA Network+, CompTIA Security+, (ISC)² Cyber Security
- GSOC, GMON, GSEC, GISF, GCWN
- Proven knowledge of laws, regulations, policies and ethics as they relate to cybersecurity and privacy
- Proven knowledge of security concepts, data protection, cyber-attacks and techniques, threat vectors, risk management, vulnerability management, and incident management and response
- Knowledge of the OSI model and protocols to perform isolation and additional actions during security events
- Intermediate to advanced scripting capabilities (PowerShell, Python, etc.)
- Demonstrated skills in one or more of the following domains:
  - Systems Administration - Windows or *nix
  - Windows Management technology - AD, GPO
  - Networking - OSI Model, Cisco, Checkpoint, Fortinet, Palo, etc.
  - Network Analysis tools - Nmap, NetWitness, Wireshark, etc.
  - Identity Management SIEM - Elastic Stack, Splunk, Nitro, etc.
  - Operating Systems - Server and Desktop
  - Security Solutions or Software Vulnerability management - CrowdStrike, Nessus, Rapid7, Burp Suite, etc.
Knowledge and Experience
- A minimum of 3-5 years in relevant security education is required
- Advanced ability to develop and present technical material to all audience levels
- Accountable self-starter with advanced organizational and interpersonal skills
- Advanced time management, prioritization, problem solving, and decision-making skills
Additional Information
- While performing the duties of this job, the employee is regularly required to stand, sit, talk, hear, and use hands and fingers to operate a computer
- Ability to sit at a computer terminal for an extended period
- Light to moderate lifting is required
- Reasonable accommodations may be made to enable individuals with disabilities to perform these functions
Benefits
- Medical, Dental, Vision Insurance
- 401K with 4% company match
- Generous Time off policy
- Stock Appreciation Rights after year one
- Rapidly growing company with opportunities for advancement