Security Operations Center Analyst - Tier 3
Dallas, TX
Full time
3 days onsite, 2 days remote
The Security Operations Center (SOC) Analyst provides dedicated monitoring and analysis of cyber security events. The Analyst will perform analysis of security events, including validation, escalation, and reporting of indicators of attack, indicators of compromise, and threats of interest. They are responsible for ensuring the SOC analyzes, triages, and suggests remediations to reduce threats in the environment, while delivering excellent customer service.
Responsibilities
- Ability to confidently and simply explain technical security issues.
- Familiar with MITRE ATT&CK Framework and TTPs.
- Review threats and incidents related to vulnerability scanning, determine root cause, conduct validation, and recommend remediation.
- Provide the various business units with incident response and threat and vulnerability management services as required by the business.
- Conduct hands-on analysis of high volumes of logs, network data, and other attack artifacts in support of incident investigations, utilizing SIEM platforms.
- Maintain awareness of new and emerging cyber-attack and network threats correlated with Threat Intelligence and CISA Reporting.
- Conduct incident response and triage of security events that contribute to indicators of attack or compromise.
- Provide suggestions, solutions and integrations to improve SOC Operations.
- Assist with escalations, reporting procedures, and investigations.
- Apply knowledge of TCP/IP communications and of how common protocols and applications (including DNS, HTTP, and SMB) work at the network level.
- Ensure security appliances, data sources, and configurations are kept up to date.
- Working knowledge of PowerShell or Python to automate daily tasks.
- Works well in a cohesive team environment and is also able to work alone with minimal guidance.
Education and Experience Requirements:
- 1+ year of experience working in a Security Operations Center
- Bachelor of Science or Bachelor of Arts degree preferred
- Preferred certifications: GCIH, Security+, C|EH, SSCP, CySA+
Additional Requirements:
- Ability to demonstrate analytical expertise, attention to detail, excellent critical thinking, logic, and solution orientation to learn and adapt quickly
- Experience with EDR appliances and reading firewall, IDS/IPS technology logs is a plus
- Experience with common incident response tools and technologies
- Knowledge of Linux operating systems and command line tools
- Knowledge of cyber threat capabilities and technical capabilities to defend networks and systems
- Ability to translate technical jargon so that audiences from end-users to upper management understand the events and issues.
- Excellent initiative and ability to document work.
- Experience with threat and vulnerability management tools (Rapid7 Nexpose or Tenable Nessus).
- Experience with Kali Linux, nmap, hack-the-box or TryHackMe is a plus.