Title: Senior CSOC Analyst

Location: Little Rock, AR or Houston, TX (Hybrid)

The Cyber Security Operations Center Analyst is a level 3 position, will be responsible for investigating and responding to security incidents, understanding, and mitigating attack vectors, and staying abreast of the evolving threat landscape. The ideal candidate is detail oriented, a problem solver with critical thinking skills, and focused on process improvement.

Responsibilities :

• Analyze digital evidence and perform forensic analysis to determine root cause.
• Identify and implement automation with SOAR, SIEM, or similar tools to improve capabilities.
• Identify problematic trends and take proactive steps to mitigate negative impacts to customer base.
• Conduct thorough investigations into security incidents, including but not limited to, malware infections, phishing attempts, and unauthorized access attempts.
• Analyze and understand various attack vectors used by threat actors to compromise systems and data.
• Monitor and assess the threat landscape to identify emerging threats and vulnerabilities relevant to our environment.
• Monitor and participate in training and exercises to ensure CSOC team proficiency.
• Participate in post-incident reviews to identify lessons learned and best practices.
• Perform network investigations to identify and mitigate potential security risks and intrusions.
• Collaborate with cross-functional teams to implement security controls and measures to enhance our overall security posture.
• Understand and perform cloud security monitoring and improve maturity posture.
• Develop and maintain incident response procedures and playbooks to ensure effective and efficient response to security incidents.
• Support the threat hunting team to identify gaps of coverage and make recommendations on use cases for monitoring.
• Understand MITRE Framework, identify TTPs and identify patterns and threat actors focused to the industry.
• Provide timely and accurate reports on security incidents, trends, and metrics to stakeholders and management.
• Approximately 20% onsite

Requirements :

• 5 years of cyber security experience, across multiple disciplines (incident response, threat hunting, monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering data analytics, application security, database security, etc.)
• 3 years of hands-on experience working with Security Incident and Event Management (SIEM such as Splunk), incident response in a SOC environment with a structured after-hours process
• In-depth knowledge of various attack vectors, threat intelligence sources, and the cybersecurity threat landscape.
• Experience with network investigations, intrusion detection systems (IDS), and security information and event management (SIEM) tools.
• Strong knowledge of Security orchestration, automation and response (SOAR) systems.
• Strong understanding of MITRE ATT&CK Framework
• Strong understanding of cloud environment for security principles and best practices
• Ability to perform computer network attack analysis and collaborate with counterintelligence and law enforcement investigations.
• Has experience providing guidance and mentorship to others in cyber threat analysis and operations.
• Able to proactively identify possible threats, security gaps and vulnerabilities
• Advanced knowledge about security operations, cyber security monitoring, intrusion detection, and secured networks

• Outstanding problem-solving/decision making ability
• Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms
• Exceptional interpersonal skills, including teamwork, facilitation, and training
• Strong report writing and communication and ability to effectively communicate across the organization