Senior Security Operations Center Analyst (work-from-home)

Senior Security Operations Center Analyst (work-from-home)

The Senior Security Operations Center (SOC) Analyst will perform tasks including monitoring, investigation, and triage of cybersecurity events that occur on the network or endpoint with a focus on the determination of whether said events constitute security incidents.Participate in incident response and as a consultant in security projects.

Job Qualifications:

• 1-3 years in a Security Operation Center (SOC) environment
• Must have security information events management (SIEM) competency
• Knowledge of networking architectures and protocols
• Previous cybersecurity investigation experience
• Experience writing or updating security playbooks
• Four-year degree in a Cyber Security/ Information Technology or Information Security equivalent in certifications and/or experience. GIAC GSEC or GMON, BTL1, PCRP, CISSP, CompTIA Security+ are desired certifications.

Required Competencies

• Knowledge of SIEM / SOAR technologies including but not limited to any of the following; Splunk Enterprise Security, Splunk SOAR, Siemplify, Google Chronicle a.k.a Google SecOps, Devo, IBM Qradar, Palo Alto Cortex XSOAR etc.
• Experience with Cyber Incident Response is desired.
• AWS experience is desired.
• Experience with IDS/IPS systems is desired.
• Experience with EDR/XDR solutions is required. (Crowdstrike, SentinelOne, MS Defender, Palo Cortex etc.)
• Automation experience desired; PowerShell, Python, etc.
• Excellent coordination, documentation, and organizational skills.
• Familiarity with the MITRE ATT&CK Framework
• Naturally curious puzzle/problem solver.

Responsibilities and Duties:

• Monitor and investigate security alerts from the SIEM, SOAR, IPS/IDS, Firewall, EDR/XDR, and other systems.
• Demonstrate an intermediate to advanced level of understanding of numerous security products and processes.
• Responsible for ongoing review of security use case correlation searches to provide actionable alerts.
• Understand the policy, standards, and procedures found in the Nelnet enterprise as well as understanding appropriate laws and regulations for the business.
• Be a trusted security advisor to other departments and lines of business.
• Responsible for assisting Cybersecurity Incident Response including the detection, documentation, containment, and eradication of real-time threats.
• Completes routine preventative measures and maintains/monitor network security.
• Respond to log and security inquiries from business partners and various audit requests.
• Creating and updating cyber security runbooks.

Most importantly, we are looking for people who can live by our Values:

• Providing superior customer experiences
• Creating an awesome work environment
• Pursuing opportunities for diversification and growth
• Communicating openly and honestly
• Giving back to the communities in which we live and work