Security Operations Center Analyst

Job Description:

The Security Operations Center is responsible for providing 24/7, 365 monitoring, detection, and response capabilities. This includes event, cloud security, and DLP monitoring, as well as a role in the incident response process. The Tier 3 SOC Analyst serves as an escalation point for Tier 1 and Tier 2 Analysts within the SOC and provides advanced analytical and investigation support for complex incidents to assist in containment and mitigation of threats.

The Tier 3 Security Operation Center (SOC) Analyst is responsible for providing oversight during day-to-day operational tasks for Tier 1 and 2 analysts within the SOC, as well as advanced technical investigation capabilities to respond to security incidents. The analyst will serve as the escalation point for all SOC analysts, and as an interface with the Advanced Threat Hunt and Intelligence team for the SOC.

Position Responsibilities:

Provides advanced technical investigation and forensics capabilities across malware, phishing, cloud access security brokers (CASB), network, and configuration compliance domains.

Responds to and mitigates security incidents based on defined process and procedures to contain and eradicate threats.

Resolves or escalates investigations to CSIRT as required, in coordination with the SOC Manager.

Interfaces with the threat hunting and threat intelligence teams to build proactive searches / signatures in the SIEM or security application to enhance detection capabilities.

Performs sampled reviews of investigated incidents by Tier 1/Tier 2 Analysts to improve ticket quality and provides feedback to coach junior Analysts.

Documentation and Support

Participates in the development / enhancement of process and technologies impacting the SOC and the broader Cyber Defense Operations function.

Collaborates closely with the SOC Manager to develop recommendations and/or technical implementations to improve workflows within the SOC, including the use of automation and optimization of processes.

Collaborates with other Engineering and Operations teams within the bank to troubleshoot, respond, and improve detection capabilities.

Handles sensitive information in accordance with the Corporate Information Protection Policy.

Position Qualifications:

Bachelors' Degree from an accredited university in Computer Science, Engineering, Information Systems, or Cyber Security or equivalent degree OR High School/GED with 6 years relevant and/or transferable experience

5 years of experience in information security/technology experience preferably in a SOC/ NOC

4 years of experience using various operating systems and industry standard monitoring, logging, alerting and investigation processes

2 years of experience in incident response

2 years of experience with scripting skills in common languages (e.g. PowerShell, Python, Java, Bash

Licenses/Certifications:

CompTIA Network , CompTIA Security , GCIA, GCIH, GREM, or GPEN preferred