Part-Time - SOC Security Analyst Level 1 (US citizen)

Farmington Hills, Michigan, United States - Remote

Applications have closed

Coretek Services

Managed cloud services and future-ready cloud solutions for businesses worldwide.


The Coretek SOC is responsible for the ongoing managed detection and response services for Coretek and its customers. The Part-Time - SOC Analyst Level 1 is an entry-level role that is primarily focused on responding to SIEM alerts and triaging cases for escalation, as well as learning new skills. Analysts will leverage Microsoft Sentinel, ServiceNow SOC case management, Microsoft and other security platforms. A Coretek SOC Analyst must have the aptitude and desire to learn and grow. The team is 24x7x365 and SOC analysts will work in shifts according to staffing needs and analyst availability. The Coretek SOC consists of a multi-national team for follow-the-sun incident handling. For this open position we require that analysts reside in the US, be US citizens, and be able to pass an employment background check.

The team at Coretek understands that a candidate may not immediately possess all the skills required of a SOC Analyst in a detection and response role and will develop the right candidate who shows genuine interest in cyber security. We are looking for the right candidate in terms of background, attitude, desire to learn, and willingness to contribute to the team. We have analysts who have come straight out of school, from the military or law enforcement, are self-taught, or have changed careers into cyber security. Experience in other related fields or disciplines is always welcome and shows a candidate’s ability to adapt. Structured training as well as on-the-job experience is a required part of the job to bring SOC analysts up to speed when working in a service provider. SOC Analysts must have a drive to learn and develop their skills and share what they have learned with others.

We have positions open for full time, part time, and internships for college students who are in cyber security-related degree programs.

ESSENTIAL SOC FUNCTIONS:

  • Respond to SOC cases and SIEM alerts
  • Handle security incident escalation via SOC case management (ServiceNow), SIEM, ITSM, email, phone, or walk-up
  • Perform analysis of alerts, logs, security platforms, and systems
  • Triage incidents/cases and validate case findings
  • Escalate security incidents to internal and customer incident response teams
  • Support incident response & investigations for Coretek and Coretek customers
  • Coordinate with appropriate teams to provide incident handling and response support
  • Use and improve incident response procedures & playbooks

Requirements

Note: Not all the below topics are required. More knowledge in the below areas will speed up your education and onboarding into the SOC.

  • Familiarity with Windows and/or Linux operating systems
  • Possess a foundation in networking fundamentals, TCP/IP, common network-based services, or client/server applications
  • Excellent verbal/written communication and teamwork
  • Excellent problem-solving skills to diagnose technical issues
  • Ability to manage customer situations calmly and professionally to address
  • Ability to learn new technology and concepts quickly
  • Ability to work on a shift or on-call rotation if needed

HIGHLY DESIRABLE EXPERIENCE:

  • Formal education or certifications in incident response, forensics, cyber security case management, security engineering, IT technology, networking, criminology, or related topics
  • Experience working on a security operations team
  • Experience reviewing and analyzing log data from various network and security devices
  • Experience with well-known information security related tools for packet capture, network/OS fingerprinting, and communication
  • Practical understanding of exploits, vulnerabilities, computer network intrusions, adversary tactics, exfiltration techniques and common knowledge
  • Experience with enterprise SIEM products
  • Experience with ITSM, SOAR, or Cyber Case Management Tools
  • Scripting with Python, Perl, Bash and/or PowerShell a plus
  • Database structures and queries, Regular Expressions a plus
  • Experience acquiring and analyzing data from clients and servers related to security incident response
  • Digital Forensic or Threat Intelligence work
  • Degree in technology, cyber security, criminal justice/forensics, or equivalent work experience
  • Security related certifications


Tags: Bash Exploits Forensics Incident response Linux Perl PowerShell Python Scripting SIEM SOAR SOC TCP/IP Threat intelligence Vulnerabilities Windows

Regions: Remote/Anywhere North America
Country: United States
Category: Analyst Jobs
