What are the responsibilities and job description for the SOC Support position at Teamware Solutions?
Job Title: SOC Support
Primary Responsibilities
Tracks and analyzes activity on servers, endpoints, networks, applications, databases, websites on other technology systems
- Provides a critical layer of analysis needed to seek out any irregular activity that could suggest a security incident
- Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
- Operate security monitoring, investigation, and reporting tools
- Provide daily operational oversight of incidents and alerting from multiple platforms
- Own technical development in one or more of the following areas: Detection, Cyber Intelligence, Monitoring, Analysis
- Create, manage, and dispatch incident tickets associated with deception detections and alerts
- Identify necessary tools or processes to improve the efficacy of the team
- Receive, analyze, and respond to alerts, to include after hours, holidays, and weekends during incidents or priority events
- Coordinate with Managed Security Service Provider(s) to investigate events and incidents
- Design and coordinate the build out of the Security Operations Center processes and procedures
- Develop and maintain the Security Operations Center framework
- Augment detection capabilities of the SIEM tool
- Provide security reports and metrics
- Perform incident identification and triage according to NIST standards
- Assist with annual Security Incident tabletop testing
- Perform network and host forensics in response to security events and incidents
- Analyze malware and other attacker Tactics, Techniques, and Procedures in response to security events and incidents
- Provide on-the-job training, mentoring, and guidance/oversight for new and/or junior analysts
- Perform threat hunts in addition to developing and maintaining threat hunting strategies
- Maintaining understanding of current events, latest threats, and industry trends relating to information security
Basic Qualifications
- Knowledge of basic IT and cybersecurity procedures and frameworks, or a closely related field as normally obtained through the completion of a High School Diploma / Bachelor's Degree in Computer Science, Engineering, or a related technical field (or commensurate experience)
- Offer Experience should include leading and coordinating incident response efforts in relation to information security events, chronologically summarizing incidents and document incident reports, leading analysis, and remediation efforts among various teams within the organization, managing process documentation, providing metrics to leadership, standing up meetings and incident coordinating for information security incidents
- Strong analytical ability
- Ability to apply critical thinking skills
- Customer service orientation is essential
- Effective communication and written skills
- Ability to lead and independently triage, analyze, and respond to information security alerts, including decision-making
- Knowledge of information security standards and industry best practices
- Experience writing reports and documenting events/incidents/investigations
- Builds constructive relationships with internal and external stakeholders, and mentors security operations analysts
- An aptitude for learning is also critical for success in this role, as well as a demonstrated ability to adapt to the changing demands of business
- Tracks and analyzes activity on servers, endpoints, networks, applications, databases, websites and other technology systems
- Provides a critical layer of analysis needed to seek out any irregular activity that could suggest a security incident
- Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies
- Familiarization with the following tools:
- Symantec BlueCoat
- Cyber Ark
- CounterAct ForeScout
- McAfee ePO
- Cisco FirePOwer
- Sailpoint IdentityIQ
- RedSeal
- Impreva SecureSphere
- RSA Netwitness
- Tenable.sc
- Splunk
- NetworkCritial TAPs
- Authentic8 Silo
- Proofpoint
- CentryLink DDos Protection
- ISACA Certified Information Security Manager (CISM) Certification
- One or more technical security certifications:
- GCIH – GIAC Certified Incident Handler
- SSOC – GIAC Security Operations Certified
- GMON – GIAC Continuous Monitoring Certifications
Job Type: Contract
Pay: $23.82 - $35.00 per hour
Schedule:
- 8 hour shift
Experience:
- Linux: 1 year (Preferred)
- Cybersecurity: 1 year (Preferred)
- Information security: 1 year (Preferred)
Ability to Commute:
- Stamford, CT 06902 (Required)
Ability to Relocate:
- Stamford, CT 06902: Relocate before starting work (Required)
Work Location: In person
Salary : $24 - $35
