Job Description
The SOC Analysts work collaboratively to detect and respond to information security incidents, maintain and follow procedures for security event alerting, and participate in security incident investigations. The SOC analyst is responsible for investigating security events by performing the following:
- Monitoring
- Researching
- Classifying
- Analyzing
The SOC Analyst's primary responsibility is to determine what alerts or abnormal activity represents a real threat to Citco assets and data, by performing threat identification, containment, eradication, analysis and reporting. The SOC Analyst achieves this by working with threat protection solutions like:
- Security Information and Event Management (SIEM)
- Endpoint Protection (EPP)
- Endpoint Detection & Response (EDR) systems
- Email Threat Protection (ETP) platforms
- Security Orchestration, Automation and Response (SOAR) platform
- Intrusion Prevention Systems (IPS) or NGFWs
- Others
The SOC Analyst is expected to understand fundamental networking and security principles as well as be familiar with common network and endpoint security threat protection solutions. A strong candidate will have a proven understanding of current cyber threats, threat intelligence and an understanding of attack trends relevant to an enterprise environment.
Security Analysts work with and learn from experienced security team leaders and use the latest technology to detect, analyze and limit intrusions and security events. Candidates must be willing to work in a 24x7x365 SOC environment, demonstrate intuitive problem-solving skills and allow for flexible scheduling. The SOC Analyst must be competent to work at a high technical level, have a good understanding of threat routes/pathways and the identification of potential/active threats, and understand how threat vectors can impact the environment.
Responsibilities
- Monitors and analyzes Intrusion Prevention Systems (IPS) and Security Information and Event Management (SIEM) to identify security issues for remediation
- Performs network and endpoint security monitoring and incident response
- Maintains records of security monitoring and incident response activities, utilizing case management and ticketing technologies
- Creates, modifies, and updates Security Information and Event Management (SIEM) rules
- Escalates alerts regarding intrusions and compromises to the network infrastructure, applications and operating systems.
- Assists with analysis of threat data obtained from proprietary and open source resources to provide indication and warnings of impending attacks against networks within the relevant vertical
- Prepares briefings for SOC Manager and reports of analysis methodology and results
- Creates and maintains standard operating procedures and other similar documentation
- Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty
- Works independently with or without direction and/or supervision
- Demonstrates effective teamwork and working relationships with others, both from CITCO and security vendors
- Other projects and responsibilities, as assigned by direct supervisor
Qualifications
- 2 to 4 years of experience in an in-house Security Operations Center team, or in a security consulting firm, with an understanding of networking principles in a global environment across multiple data centers
- Candidates must be able to work a flexible schedule within a 24x7x365 Security Operations Center (SOC) environment, and may be expected to work holidays.
- A strong candidate is expected to have some or all of the following traits:
- Excellent analytical and problem-solving skills and interpersonal skills to interact with team members and upper management
- An understanding of cyber security incident response and network security monitoring
- Fundamental understanding of computer networking (TCP/IP), knowledge of Windows, Linux and Palo Alto operating systems and information security principles
- Knowledge of intrusion detection/prevention systems (IDS/IPS) and SIEM technologies in an enterprise environment
- Good knowledge of endpoint protection (EPP) and endpoint detection and response (EDR) solutions
- Drive to learn and a desire and motivation to achieve IT security related certifications