Senior Security Operations Analyst | Team Lead

Knoxville, Tennessee

Avertium

Avertium is a cyber fusion company with a programmatic approach to measurable cyber maturity outcomes. 


Avertium is the managed security and consulting provider that companies turn to when they want more than check-the-box cybersecurity. In today’s threat landscape, your not-so-standard processes, workflows, and vulnerabilities require more than just a standard approach to cybersecurity. You need a smarter, stronger approach based on more rigor, more relevance, and more responsiveness. That is why more than 1,200 organizations in every sector from manufacturing to financial services, healthcare to technology and business services to hospitality rely on Avertium for cybersecurity services.  
The Lead Security Operations Analyst collaborates closely with clients to deliver proactive support, minimizing security risks within their network. You will be responsible for implementing and upholding security protocols spanning application, web, and infrastructure security with clients. You will also engage with various stakeholders across the client's organization, aligning business and IT security goals. In this role, you'll lead a team of analysts, overseeing daily SOC operations to ensure seamless delivery of cybersecurity services to our clientele. Your technical expertise, leadership abilities, and strong communication skills will be essential in maintaining the efficiency and effectiveness of our SOC operations. 

Responsibilities:

  • Monitor, respond to, and analyze SIEM alerts from monitoring tools.
  • Mentor and lead a team of analysts.
  • Create weekly and monthly status reports, including daily technical task reports and contract deliverables.
  • Respond to security tickets escalated from clients, and work collaboratively with clients to resolve issues through multi-step breach and investigative analysis.
  • Provide technical guidance to clients to enhance overall security posture within the managed products. Handle daily incidents: monitor, track, analyze, and record them.
  • Collaborate with SIEM engineers to develop and refine correlation rules.
  • Work on complex tasks assigned by leadership, coordinating effort among L1, L2, and L3 analysts.
  • Assist in defining and driving strategic initiatives to improve SOC capabilities.
  • Analyze packet captures and perform malware reverse engineering to identify and address malicious activity.
  • Analyze phishing email attacks, including extraction of links and/or files, to determine what the attacker is trying to gain.
  • Work with other IT professionals to resolve fast-moving threats such as spam, viruses, spyware, and malware.
  • Monitor security vulnerability information from vendors and third parties.
  • Perform proactive threat hunting using industry tools and existing IDS systems.

Qualifications:

  • Strong written, verbal, and non-verbal communication skills, especially conveying complex information in an understandable manner.
  • Experience with SIEM technology such as AlienVault USM Appliance, USM Anywhere, LogRhythm, and/or Wazuh IDS is highly preferred.
  • CISSP, CISA, or GIAC certification is a plus.
  • 5+ years of experience working with Microsoft Active Directory.
  • Experience in managing an organization's PCI, HIPAA, or SSAE16 certification is preferred.
  • Ability to analyze and resolve complex technical and business problems.
  • Must have proficient knowledge of three or more of the following technologies: application / stateful / UTM firewalls; SIEM; DLP; web content filtering; web application firewalls (WAF); vulnerability scanning and penetration testing; IPS/IDS; Security Operations Center operations; wireless networking; UNIX, AIX, Solaris, Linux, and Windows Server operating systems; endpoint security and malware.
  • Knowledge of NIST, FISMA, and DIACAP.
  • Knowledge of Windows 2003-2012, VMware and virtual machine platforms, and Unix server platforms.
  • Working knowledge of analyzing IIS, SQL, firewall, IPS/IDS, and Windows logs.
  • Ability to analyze IANA-assigned ports (well-known, registered, and dynamic/private ports).
  • Ability to troubleshoot common network devices, networks, vulnerabilities, and network attack patterns.
  • Ability to troubleshoot using Windows Event IDs.
  • Ability to manage multiple tasks and projects simultaneously.
  • Advanced network and systems certifications such as CCNP, CCNA, and CISSP are preferred.
  • Other industry certifications such as ITIL, Microsoft, Juniper, and Check Point are a plus.
  • Understanding of the Cyber Kill Chain and MITRE ATT&CK, and experience applying them to defensive operations.

In addition to a career in the challenging world of cyber security, Avertium offers competitive salaries, full benefits, unlimited paid time off, participation in 401(k), and opportunities for professional growth and development. We offer the opportunity to work with cutting-edge security technologies in a stimulating work environment.
Avertium provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.