Lead SOC Analyst

Role: Lead SOC Analyst

Location: New York, NY (On-site)

Must Have E-Commerce exp

Role Description

• SIEM Management and Optimization:
  • Configure, manage and fine-tune Sumo Logic SIEM to ensure effective monitoring and alerting of security events.
  • Develop and implement SIEM rules, correlation searches, and use cases within Sumo Logic to detect and respond to potential security threats.
  • Conduct regular health checks and performance tuning of the SIEM system.
• Incident Investigation and Response:
  • Lead the investigation of complex security incidents, including data breaches, malware infections, and unauthorized access.
  • Perform detailed forensic analysis of compromised systems and networks.
  • Coordinate incident response efforts with cross-functional teams to contain and mitigate threats.
  • Document and report on security incidents, findings, and recommendations.
• SOAR Integration and Automation:
  • Design, implement, and manage SOAR workflows to automate repetitive security tasks and streamline incident response processes.
  • Integrate SOAR solutions with existing security tools and platforms to enhance operational efficiency.
  • Develop playbooks for automated responses to various security scenarios.
• Threat Intelligence and Analysis:
  • Gather, analyze, and disseminate threat intelligence from multiple sources (e.g., open-source, commercial feeds, ISACs).
  • Utilize threat intelligence to identify and prioritize potential threats to the organization.
  • Conduct threat hunting activities to proactively identify security risks and vulnerabilities.
  • Collaborate with threat intelligence partners and communities to stay updated on the latest threats and trends.
• Endpoint Detection and Response (EDR):

Deploy, manage, and monitor EDR solutions to detect and respond to endpoint threats.

Analyze EDR alerts and take appropriate actions to mitigate threats.

Conduct endpoint forensics and analyze malware to understand and neutralize threats.

Mentoring and Leadership:

• Oversee daily operations of the CSOC, ensuring efficient incident detection and response.
• Lead and mentor a team of security analysts, providing guidance and support.
• Prepare and present regular reports on security incidents, trends, and performance metrics.
• Provide recommendations for improvements based on analysis of security incidents and trends.
• Provide mentorship and guidance to junior analysts within the CSOC team.
• Lead training sessions and workshops to enhance the skill set of the team.
• Act as a subject matter expert (SME) on security incidents and SIEM/SOAR best practices.
  

Key Qualifications

• Bachelor s degree in Computer Science, Information Security, or related field. Advanced degree preferred.
• Minimum of 4-6 years of experience in a SOC or CSOC role with a focus on SIEM, incident response, SOAR, and threat intelligence.
• Professional certifications such as CISSP, CISM, GIAC (GCIH, GCIA, GCFA), CEH, or similar.
• Proficiency in managing and optimizing Sumo Logic SIEM.
• Hands-on experience with SOAR platforms.
• Strong understanding of cyber threat intelligence frameworks and methodologies.
• Excellent analytical, problem-solving, and decision-making skills.
• Strong written and verbal communication skills.
• Ability to work in a fast-paced, high-pressure environment and manage multiple priorities effectively.
  

Preferred Skills

• Experience with cloud security platforms and technologies (AWS and Azure).
• Knowledge of regulatory and compliance frameworks (e.g. PCI-DSS, ).
• Familiarity with scripting and programming languages (e.g., Python, PowerShell).
• Knowledge of Cloud IDP solutions (e.g. Okta, Azure etc)