SOC Analyst

Bengaluru, India

Applications have closed

Arista Networks

Arista Networks was founded to pioneer and deliver software-driven cloud networking solutions for large data center storage and computing environments. Arista’s award-winning platforms, ranging in Ethernet speeds from 10 to 100 gigabits per...


Job Description

Reporting to the IT Security Manager, the IT SOC Analyst is a position based in Cary, NC / Vancouver, Canada / Bangalore, IN / Shannon, IE.


Responsibilities:

  • Characterize and analyze network traffic, logs and endpoint activity to identify anomalies, malicious or potential threats to Arista's assets; Perform event correlation using information gathered from a variety of sources (network and endpoint logs) to gain situational awareness to detect, confirm, contain, improve, and recover from attacks.

  • Respond to attacks found, interacting with users to remediate systems or repair damage caused.

  • Perform detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.

  • Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information; Determine tactics, techniques, and procedures (TTPs) for intrusions.

  • Isolate assets and remove malware; Reconstruct a malicious attack or activity based on malicious samples seen on endpoints, phishing emails or in network traffic; Perform root cause analysis. 

  • Develop content for cyber defense tools; Help with the construction of signatures or indicators of compromise (IOCs) which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.

  • Notify SOC managers and Security Analysts of suspected cyber incidents and share the event's history, status, and potential impact for further action following the cyber incident response plan and procedures.

  • Exercise a user-oriented approach while handling security incidents to ensure that user impact is minimized as much as possible and the situation is well articulated to users.

  • Document ongoing incidents, after action reports and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.

  • Work closely with the various IT teams to maintain workstation compliance with the security norms/standards.

  • Acknowledge, analyse and validate incidents received through other reporting mechanisms such as SIEM/monitoring platforms, email, phone calls, management directions, etc.

  • Administer security-dedicated systems (software, firewall management, EDR, NDR, log collection, reporting, analytics, cloud security consoles) as appropriate.

  • Work with internal teams to resolve computer security incidents and vulnerability compliance.

  • Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.

  • Support Incident Response efforts - evidence collection, documentation, communications, and reporting.

  • Handle support of PC- and Mac-based users with security-related problems.

Qualifications

  • BA or BSc in Computer Science, Management Information Systems, Information Assurance or a related field (advanced degree desirable) with a minimum of 2+ years of work experience in the field of computer security.

  • Log correlation among network defense tools and endpoint security technologies

  • Expert knowledge of laptop operating systems (MacOS, Windows and Linux) is desired.

  • Lead efforts during one or more phases of Incident Response lifecycle

  • Proven project management experience is a bonus, specifically experience in managing remote office configuration and bring-up and working with remote/off-site vendors.

  • Experience with, and a desire to remain aware of, recent cyber threats.

  • Preferred certifications: GCIH, GCFA, CEH, Network+, Security+ or equivalent industry standard certifications

  • Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, etc.), and desktop, server, application, database and network security principles for risk identification and analysis.

  • Knowledge of frameworks such as MITRE ATT&CK would be desirable.

  • This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.

  • Salary is competitive and commensurate with experience and qualifications.

Additional Information

All your information will be kept confidential according to EEO guidelines.



Perks/benefits: Competitive pay Gear

Region: Asia/Pacific
Country: India
