Security Operations Center Analyst/Apprentice

United States

Applications have closed
The Security Operations Center Analyst (SOC Analyst or Apprentice) is responsible for the day-to-day monitoring of client activity within the Security Operations Center (the Apprentice is under the guidance of other analysts & interfaces with other analysts but is reviewing live activity or simulations in labs or provided specific training scenarios).

The SOC Analyst will interface with internal management, customers, employees, and consultants, across multiple clients and industries, to perform the required technical monitoring activities. More advanced analysts will also be responsible for vulnerability scanning, penetration testing, and creating reports.

What we're looking for:

  • Prior experience or education in a variety of technologies or programs (SIEMs, EDRs, FWs, Windows, Linux, VMs, Cisco, Juniper, IDS/IPS, DLP, Barracuda, Blue Talon, Apigee, AV, MW, RW, Proxy Servers, SQL, Oracle, C++/C+, Python etc.); well versed in current Information Security topics; and able to recognize network, operating system, and intrusion detection details.
  • Analyst level is determined based on experience, proficiency and education.

Essential Functions (All Levels)

  • Knowledge of basic business applications, i.e. MS Word, Excel, Outlook, Google/Firefox browsers, and browser security
  • Knowledge of network, desktop and server technologies
  • Strong verbal and written communication skills
  • Exhibits professionalism through dress, camera-ready presence and conversation
  • Monitor, analyze, and investigate security events in accordance with proficiency level (Apprentice/I/II/III)
  • Conduct Information Security research and provide action and response
  • Create and modify collateral, with guidance, to reflect lessons learned and discovered information
  • Other duties as assigned by management

Proficiency Level - SOC Analyst I: Triage

  • Monitor, identify and triage alerts to determine severity and response requirement
  • Ability to perform basic malware analysis, virus exploitation and mitigation techniques
  • Create and manage tickets for alerts to be reviewed by a Level II or above; workshop response for learning and growth
  • Schedule and perform vulnerability scans and prepare initial reports as directed
  • Demonstrate working knowledge of the appropriate software programs used, i.e. for monitoring, investigating, and reporting
  • Develop understanding of Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS)
  • Prove proficiency at handling first level response for security events including but not limited to intrusion detection, malware infections, denial of service attacks, privileged account misuse and network breaches
  • Stay up-to-date on information technology trends and security standards

Proficiency Level - SOC Analyst II: Responder

  • Have completed training and obtained required certifications as directed by management and Partner
  • Demonstrate the ability to perform advanced malware analysis, virus exploitation and mitigation techniques
  • Starting to demonstrate technical knowledge in a specialty process/function
  • Create and manage tickets for alerts to be reviewed by a Level III or above; workshop response for learning and growth
  • Review and respond to tickets created by Level I analysts
  • Point of escalation and mentoring for Level I analysts for growth
  • Configure and manage security monitoring tools
  • Demonstrates a solid understanding of network, desktop and server technologies
  • Proven experience with network intrusion methods, network containment, segregation techniques and technologies such as Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS)
  • Use threat intelligence to determine the affected systems and scope
  • Consistently demonstrate the ability to identify, triage, and correlate individual events to either rule them out as false positives, trigger standard detective and corrective responses, or escalate them as a security incident
  • Research security enhancements and make recommendations to management
  • Has a general understanding of client businesses and educates self on technical issues related to the clients’ industry

Proficiency Level - SOC Analyst III: Hunter

  • Demonstrates advanced knowledge with respect to appropriate software programs used by ITSA
  • Performs complex technical research and prepares conclusions for presentation to management and Partner
  • Demonstrates a thorough understanding of network, desktop and server technologies
  • Proven experience with network intrusion methods, network containment, segregation techniques and technologies such as Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS)
  • Able to deploy, configure and monitor a Security Information and Event Management (SIEM) platform for security alerts. Integrate and work with the firm's Managed Security Services Provider (MSSP) services
  • Able to work with project lead to implement/manage technical solutions that support internal ITSA processes
  • Independently investigate security breaches and other cyber security incidents and mentor L1/L2 analysts where needed
  • Conduct penetration and other testing as required and requested by management
  • Recommend how to optimize existing tools and recommend improvements to efficiency and effectiveness
  • Demonstrates the ability to work productively with staff and clients in the engagement and manage/complete the day-to-day responsibilities in the engagement
  • Understands how client business operates and can identify and suggest resolutions for technical issues
  • Ability to inspire client confidence through knowledge, quality of work, and project management
  • Exhibits leadership qualities by communicating with confidence, welcoming feedback and demonstrating professionalism, i.e. positive attitude, good judgment, poise, professional attire and demeanor
  • Takes on additional responsibilities and takes charge of the team to complete the engagement and necessary assignments
  • Is credible: the staff and clients have confidence in their leadership abilities; perceived as a highly trusted individual
  • Mentor Level II/III for growth.

Wondering if you should apply?

At BPM we are people who value people. We are progressive and purposeful. We are a firm with flexibility. Our shared entrepreneurial spirit drives us to see and do things differently. And our passion for people makes BPM a place where everyone feels welcome, valued, and part of something bigger.

***************

BPM provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

For positions based in San Francisco, consideration of qualified candidates with arrest and conviction records will be in a manner consistent with the San Francisco Fair Chance Ordinance.

Please note - this posting is for prospective candidates only. Unsolicited third-party resume submissions will be considered property of BPM and will not be acknowledged or returned.
