SOC Analyst II

United States - Remote

About Us

Thrive is a rapidly growing technology solutions provider focusing upon Cloud, Cyber Security,
Networking, Disaster Recovery and Managed Services. Our corporate culture, engineering talent, customer-centric approach, and focus upon “next generation” services help us stand out amongst our peers. Thrive is on the look-out for individuals who don’t view their weekdays as time spent at “a job”, but rather look to develop valuable skills that ignite their passion and lead to a CAREER. If you’re attracted to a “work hard, play hard” environment and are seeking the guidance, training and experience necessary to build a lucrative career, then welcome to THRIVE!!

Position Overview

With a growing client base, Thrive is continuing to build out its security team. We are looking to hire a SOC Analyst II to take a role within our Security Operations Center, assisting with continuously monitoring and improving our customers' security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents using technology and well-defined processes and procedures. The ideal candidate will have a passion for information security and will value what a properly managed security monitoring solution can bring to our clients' needs.

Primary Responsibilities

  • Process investigation requests from Tier 1 SOC Analysts, who perform security event monitoring using Security Information and Event Management (SIEM) data from multiple sources, including but not limited to events from network and host-based intrusion detection/prevention systems, network infrastructure logs, system logs, applications, and databases
  • Investigate intrusion attempts, differentiate false positives from true intrusion attempts, and perform in-depth analysis of exploits
  • Utilize threat intelligence to identify and investigate potential security threats
  • Lead incident response and threat hunting efforts for confirmed security incidents and follow through until resolution
  • Develop playbooks for incident response and incident management processes, including threat triage, incident investigation, and incident resolution
    • Conduct regular reviews of playbooks to ensure they are current and effective
    • Work with cross-functional teams to ensure that playbooks are aligned with the overall security strategy and goals
    • Participate in tabletop exercises and drills to test and validate playbooks
    • Monitor and evaluate security incidents to identify opportunities for improving playbooks
    • Keep up-to-date with current security threats and trends to ensure that playbooks are relevant and effective
  • Actively investigate the latest security vulnerabilities, advisories, incidents, and TTPs (tactics, techniques, and procedures) and work with the Security Engineering team to recommend use cases
  • Proactively monitor, hunt for, and respond to known and emerging threats
  • Carry out Thrive’s information security strategy both internally and externally for 400+ clients in the northeast
  • Analyze data from our SOC and SIEM and determine if further analysis is needed
  • Work within Thrive’s security standards and best practices and recommend future enhancements
  • Manage our clients’ security awareness training to help their end users be as safe as possible
  • Stay abreast of security events and techniques to keep our clients protected
  • Build awareness through training and education

Qualifications

  • Has advanced knowledge of the following systems and technologies:
    • SIEM (Security Information and Event Management)
    • TCP/IP, computer networking, routing, and switching
    • IDS/IPS, penetration and vulnerability testing
    • Firewall and intrusion detection/prevention protocols
    • Windows, UNIX, and Linux operating systems
    • Network protocols and packet analysis tools
    • EDR, Anti-virus, and anti-malware
    • Content filtering
    • Email and web gateway
  • Demonstrates comprehension of good security practices
  • Professional experience in a system administration role supporting multiple platforms and applications
  • Ability to communicate network security issues to peers and management

Required Qualifications

  • Computer Networking & Security
  • Vulnerability Discovery and Analysis
  • Operating System Internals
  • Familiarity with TCP/IP network protocols, application layer protocols (e.g., HTTP, SMTP, DNS, etc.)
  • Excellent Written and Verbal Communication Skills

Preferred Qualifications

  • Knowledge of common Windows and Linux/Unix system calls and APIs
  • Understanding of anti-virus software
  • Knowledge of programming languages
  • Knowledge of internal file structures for file formats commonly associated with malware (e.g., OLE, RTF, PDF, EXE, etc.)
Perks/benefits: Team events

Regions: Remote/Anywhere North America
Country: United States