SOC Analyst L2

Join a highly skilled and motivated team of Cyber Security Professionals tasked with protecting Coretek and its customers. The Cyber Security Analyst role is primarily focused on responding to alerts, detection of IOCs (Indicators of Compromise), incident response, alert/SIEM tuning, threat hunting, and triage. Leverage Microsoft Sentinel as well as, cyber case management and supplementary tools to investigate, contain, and remediate cyber security incidents. The Cyber Security Analyst must have a drive to learn and grow as the industry changes and Coretek adapts rapidly.

• Respond to alerts and validate
• Lead or support Incident Response investigations for Coretek and Coretek customers
• Coordinate efforts with 3rd party SOC teams for joint operations
• Perform analysis of logs and alerts to differentiate security incidents from security events
• Discover and correlate relationships between unrelated event information as part of an investigation
• Obtain corroborating evidence through packet analysis of network traffic
• Coordinate with appropriate teams to provide incident handling and response support
• Continuously improve incident response procedures & runbooks
• Handle security incident escalation via Cyber Case Management tools, SIEM, ITSM, email, phone, or walk-up
• Manage security incidents to completion and work with internal teams for remediation or escalation assistance
• Gathering forensic evidence
• Analyzing events based on digital artifacts
• Determining mitigation/remediation/security improvement opportunities
• Working with stakeholders to communicate findings

Requirements

• Experience in incident response, investigation, system forensics, or related cyber security education
• Formal education or certifications in incident response, forensics, cyber security case management, IT technology, networking, or related topics
• Experience reviewing and analyzing log data from various network and security devices
• Experience with well-known information security related tools for packet capture, network/OS fingerprinting, and communication
• Familiarity with Windows and Linux operating systems including command line operation
• Possess a strong foundation in networking fundamentals with deeper knowledge of TCP/IP and other core protocols
• Knowledge of common network-based services and common client/server applications
• Excellent verbal/written communication, interpersonal and organizational skills
• Communicate effectively with varied levels of staff to develop positive working relationships
• Ability to continuously improve skillset to combat changing threat landscape
• Excellent problem-solving skills to diagnose technical issues
• Manage customer situations professionally to aid in positive customer satisfaction
• Ability to learn innovative technology and concepts quickly
• Ability to work on a shift or on-call rotation if needed
• Experience working on a security operations team
• Practical understanding of exploits, vulnerabilities, computer network intrusions, adversary tactics, exfiltration techniques and common knowledge
• Experience with enterprise SIEM products
• Experience with ITSM, SOAR, or Cyber Case Management Tools
• Scripting with Python, Perl, Bash and/or PowerShell a plus
• Database structures and queries, Regular Expressions a plus
• Experience acquiring and analyzing data from clients and servers related to security incident response
• Digital Forensic or Threat Intelligence work

PREFERRED QUALIFICATIONS:

• Experience working on a security operations team
• Practical understanding of exploits, vulnerabilities, computer network intrusions, adversary tactics, exfiltration techniques and common knowledge
• Experience with enterprise SIEM products
• Experience with ITSM, SOAR, or Cyber Case Management Tools
• Scripting with Python, Perl, Bash and/or PowerShell a plus
• Database structures and queries, Regular Expressions a plus
• Experience acquiring and analyzing data from clients and servers related to security incident response
• Digital Forensic or Threat Intelligence work

EDUCATION and TRAINING:

• Degree in technology, cyber security, criminal justice, or equivalent work experience
• Security related certifications desired