What are the responsibilities and job description for the SOC Analyst position at Digitive LLC?
Job Details
Position: SOC Analyst
Location: Denver, CO - Hybrid
Position summary:
Required skills:
Rapid7 InsightIDR (XDR SIEM)
Rapid7 InsightConnect (SOAR)
Desired skills:
Advanced configuration, rule development, and integration with Rapid7 InsightIDR and InsightConnect
Proficiency in Python, PowerShell and Bash scripting for automation to streamline security operations
Hands-on experience with API integrations for custom reporting solutions and security toolsets
Expertise in configuration management, automation and environment standardization using Ansible and Puppet.
Proficiency in optimizing detection and response workflows, with advanced knowledge of SIEM and SOAR tools.
Advanced knowledge of behavioural analytics tools, firewalls, IDS/IPS, antivirus and EDR.
Familiarity with log analysis tools, vulnerability scanners and threat intelligence platforms.
Working knowledge of incident response frameworks such as NIST, SANS and MITRE ATT&CK.
Relevant experience required: 15 yrs
Job responsibilities:
Configure and manage InsightConnect and Rapid7 InsightIDR, including custom parser development, optimization of correlation rules and use cases, and log source integration.
Configuration management using Ansible and Puppet to standardize and manage SOC system configurations across multiple environments.
Leveraging Puppet, Python and PowerShell to automate repetitive SOC tasks, improve efficiency and enhance incident response processes.
Orchestrate and streamline SOC operations by developing and maintaining playbooks in Rapid7 InsightConnect.
Recommending appropriate measures for risk mitigation after gap identification and analysis in the security environment.
Proactively defend against emerging risks by staying up to date with threat advisories, penetration techniques and the latest vulnerabilities.
Provide hands-on support to the SOC team by leading incident response activities, ensuring quick detection, analysis and resolution of security incidents.
Differentiate false positives from genuine threats to minimize incident noise and conduct in-depth analysis of security events to identify successful intrusions and compromises.
Ensure thorough documentation and resolution by leading investigations of incidents escalated by the Level 1 team.
Implement interim defensive measures until permanent solutions are deployed.