Security Operations Center Analyst

Overview

The Security Operations Center (SOC) Analyst I provides support to One Source’s Managed Security Services customers. The SOC Analyst I should have a background and general experience within Information Technology, and a basic knowledge of cyber security practices. The SOC Analyst I should also have a thirst for knowledge and an ability to tackle new problems quickly by using available security tools to successfully remedy issues with the necessary guidance and supervision from senior team members. This role focuses primarily on security analysis (triage and preliminary investigations), while also handling basic security engineering tasks (systems, upgrades, reporting, maintenance, etc).

Responsibilities

• Basic knowledge of security concepts including, but not limited to, general security concepts, threats and vulnerabilities, digital forensics, threat hunting, incident response, security architecture, mitigation techniques, etc
• Basic knowledge of security tools and controls including, but not limited to, EDR, Network Security, Email Security, SIEM, SOAR, ITSM software, etc
• Monitors and triages security alerts generated from various security tools and controls deployed in the customer’s environment
• Prioritizes security alerts to determine when escalation is required and successfully engages SOC Analyst II or Senior SOC Analyst
• Identifies customer issues and presents them to Senior SOC Analysts and SOC Manager clearly and concisely for timely resolution
• Possesses verbal and written communication skills for daily interactions with customers and fellow team members/coworkers
• CompTIA Security Certification preferred but not required (ability to obtain within first 12 months)
• Ability to work any assigned shift within 24x7x365 SOC
• 1-2 years of security experience preferred, however if no security experience, must have 1-2 years of IT experience (e.g., Help Desk Technician, System Administrator, etc.)

Qualifications

Required Skills / Abilities:

• Firm understanding of Cyber Security fundamentals
• Good verbal and written communication skills for daily interactions with customers
• Strong knowledge of security concepts such as ACLs, Sysmon, AV, APT, IDS, IPS, EDR, DLP, SIEM, MITRE ATT&CK framework, Incident response, and Threat hunting
• Strong knowledge of endpoint security solutions
• Knowledge and experience with of email security solutions
• Experience with networking, including routing/switching/firewall/IPS/IDS
• Preference for familiarity with the following tools: FireEye, Cofense, KnowBe4, Proofpoint, ELK, DarkTrace, Firemon, Crowdstrike, Acronis, Cisco, Cisco Meraki

Documentation Repository:

• Identify when Knowledge Base Articles (KBAs) are needed and assist with the development and maintenance of the KBA repository
• Identify when SOC Playbooks are needed and assist with the development and maintenance of the SOC Playbook repository
• Ability to complete any/all necessary SOC documentation as required or assigned by the SOC Manager