What are the responsibilities and job description for the SOC Analyst position at Xlysi?
SOC Analyst
Remote
contract role.
Primary Responsibilities:
Assist in establishing and maintaining a mature and organized Security Operations Center through the evaluation of existing and proposed SOC policies, playbooks, and procedures
Support cross team and department collaboration to monitor and respond to security events or reported issues as they arise.
Participate in regular incident responses, threat modeling activities, and retro exercises to hone and iteratively improve our detection, monitoring and reactive capabilities.
Stay current with and remain knowledgeable about developing threats through analyzing attacker tactics, techniques and procedures (TTPs) that target large cloud-first infrastructure and end user devices.
Define, create and maintain automation and orchestration solutions to automate, enrich and/or respond to ongoing threats and tasks.
Mature our incident response playbooks and procedures through triage, escalation, remediation and iterative documentation.
Research and explore new threat detection and hunting techniques across event data collected across multiple systems and environments.
Adhere to and establish service level agreements (SLAs) and create measurable benchmarks to show progress and improvement to Client’s defensive capabilities and coverage.
Specialized skill set:
Strong ethical and discretionary ability to handle sensitive information and data
Strong communication & social networking skills (written, verbal, listening) to collaborate with other teams across the organization
Excellent critical thinking and problem-solving skills
Self-motivated to research with a strong desire to understand how things work.
Highly organized and efficient
Experience:
Information security monitoring and response, security operations, or related experience, with working knowledge of/familiarity with the following areas: SIEM product, with Splunk and Splunk Enterprise Security; Cloud environment, with Amazon Web Services (AWS); Linux/Unix operating systems; General security principles, web applications and risk and compliance initiatives;
Cloud experience with AWS
Remote
contract role.
Primary Responsibilities:
Assist in establishing and maintaining a mature and organized Security Operations Center through the evaluation of existing and proposed SOC policies, playbooks, and procedures
Support cross team and department collaboration to monitor and respond to security events or reported issues as they arise.
Participate in regular incident responses, threat modeling activities, and retro exercises to hone and iteratively improve our detection, monitoring and reactive capabilities.
Stay current with and remain knowledgeable about developing threats through analyzing attacker tactics, techniques and procedures (TTPs) that target large cloud-first infrastructure and end user devices.
Define, create and maintain automation and orchestration solutions to automate, enrich and/or respond to ongoing threats and tasks.
Mature our incident response playbooks and procedures through triage, escalation, remediation and iterative documentation.
Research and explore new threat detection and hunting techniques across event data collected across multiple systems and environments.
Adhere to and establish service level agreements (SLAs) and create measurable benchmarks to show progress and improvement to Client’s defensive capabilities and coverage.
Specialized skill set:
Strong ethical and discretionary ability to handle sensitive information and data
Strong communication & social networking skills (written, verbal, listening) to collaborate with other teams across the organization
Excellent critical thinking and problem-solving skills
Self-motivated to research with a strong desire to understand how things work.
Highly organized and efficient
Experience:
Information security monitoring and response, security operations, or related experience, with working knowledge of/familiarity with the following areas: SIEM product, with Splunk and Splunk Enterprise Security; Cloud environment, with Amazon Web Services (AWS); Linux/Unix operating systems; General security principles, web applications and risk and compliance initiatives;
Cloud experience with AWS
