SOC Analyst

Responsibilities:

1. Conduct real-time, continuous 'eyes-on-glass' monitoring of security events, responses, and reporting.
2. Acknowledge tickets in ITSM according to defined service level agreements.
3. Perform security event triage and validate potential threats following standard processes and procedures.
4. Analyze, contextualize, and monitor security alerts from various advanced security platforms.
5. Utilize internal and external data sources to research and enrich event information, determining if an event warrants classification as an "incident."
6. Validate IOCs, investigate intrusion attempts, and conduct in-depth analysis and correlation of host-based logs, network traffic, and other data sources.
7. Conduct continuous monitoring of event logs, evaluating, analyzing, and correlating triggers based on established Threat Use Cases.
8. Diagnose events using identification playbooks to discern false positives or duplicates.
9. Execute daily tasks including ticket review, investigating security events effectively, communicating findings, and escalating concerns to senior staff and/or SOC Manager as needed, per the established playbooks and SOPs (Standard Operating Procedures).
10. Identify and prioritize incidents based on organizational impact or threat severity.

Qualifications:

1. 2+ years of experience in a SOC environment in incident detection and response, remediation, malware analysis, or Incident Response / forensics.
2. Hands-on experience with Microsoft Sentinel or other SIEM and EDR/XDR technologies, creating and running queries, and performing analytics, examination of logs and console events.
3. Exposure to Microsoft Defender Endpoint, CSPM/CWP, or similar technologies.
4. Experience in Web Application Firewalls and API security.
5. Knowledge or experience in cloud security (Azure).
6. Good understanding of SANS and MITRE Telecommunication & CCK Frameworks.
7. Any industry-relevant certifications such as CISSP, CISM, SANS, CISA, CompTIA Security+ or CySA+, GIAC are assets.
8. Strong understanding of business processes and ability to manage change and adhere to change management processes.
9. Excellent communication skills.

Nice to Have:

1. Knowledge or experience in cloud security (GCP or AWS).
2. Experience in malware analysis and reverse engineering.