SOC Analyst

We have team members in the US, UK, Canada, India and the Philippines. Our remote work policy allows us to accommodate our employees’ need for flexibility. Our family forward mentality and work-life balance focus empower our employees to live their best life at Agio.

WE OFFER:

• Competitive salary
• Comprehensive health benefits including medical and dental for team member + family with immediate coverage
• Life insurance
• An inclusive and extended parental leave policy
• Uncapped vacation time off
• 10 paid holidays
• 10 paid sick days
• 32 hours of paid volunteer time off
• Pension plan + matching
• Training and growth opportunities
• A multicultural and diverse team
• A supportive work environment
• Social events
• Agio swag
• And more

Reporting to the Director of Cyber Operations, you will help to protect the integrity and confidentiality of our client's data and infrastructure by implementing measures to prevent breaches. Within the Agio community, you will partner cross functionally as well as within a strong team of cybersecurity professionals across our global organization.

• Arrangement: Hybrid (2 days onsite, preferably between Tuesdays-Thursdays)
• Location: Arthur Place 24-26 Arthur Street Belfast, Northern Ireland BT1 4GF

• Support a 24/7/365 Security Operations Center and monitor security tools
• Provide Tier 1 and 2 response to security incidents
• Respond to cybersecurity events and incidents caused by internal and external threats to our clients, coordinate response activities with various stakeholders, and recommend mitigation strategies
• Handle incidents as defined in playbooks and standard operating procedures, and advise on remediation actions
• Perform deep-dive incident analysis by correlating data from various sources and determine if a critical system or data set is affected
• Identify and design use case algorithms
• Assist customers in implementing sound and secure logging practices, deployment of agents and sensors
• Leverage advanced knowledge of security operations, cyber security tools, intrusion detection, and secured networks to integrate with the SIEM platform
• Triage emerging threats to protect assets and information in client environments.
• Partner with cross-functional technical teams to share expertise, research threats, and implement solutions
• Present reports and produce communications, e-blasts and other forms of communication that may be both internal and client facing, to include leadership and executive management
• Draft root cause analysis reports and recommendations after cybersecurity incidents
• Identify risk areas that will require vulnerability prevention
• Stay current with Security technologies and make recommendations for use based on business value

Requirements

• SIEM administration, configuration, and optimization experience with platforms such as Alien Vault, IBM QRadar, ArcSight or LogRhythm
• Threat hunting experience
• Malware reverse engineering and outbreak management experience
• Experience participating in and acting as an escalation point for complex network threat investigations
• Linux command line experience
• Experience and knowledge of public cloud environments, specifically AWS and Azure
• Knowledge of regular expressions and data normalization
• Experience configuring, integrating, and monitoring endpoint protection solutions such as Cylance, Carbon Black, or CrowdStrike
• Understanding of network protocols coupled with experience with web proxies, web application firewalls, and vulnerability assessment tools.
• Experience working in a team-oriented, collaborative environment with a high level of analytical and problem-solving abilities
• Positive attitude with strong oral and written communication skills
• Knowledge of IP networking and network security including Intrusion Detection
• Familiarity with common network vulnerability/penetration testing tools
• Familiarity with service management software such as ServiceNow
• Familiarity with data visualization platforms such as Domo
• Some experience with system hardening guidance and tools
• Experience on an incident response team performing Tier I/II initial incident triage, desired
• Experience supporting clients and serving as a technical advisor
• Ability to anticipate and respond to changing priorities and operate effectively in a dynamic demand-based environment requiring flexibility and responsiveness to client matters and needs

Qualifications/Education

• BS/BA in Information Security, Computer Science or related engineering discipline, preferred
• 2+ years’ experience in technology (security, networking, systems, etc.)
• Prior experience working in a SOC required
• Financial services industry experience is a plus
• Managed security service provider (MSSP) experience is a plus

Certifications or work toward any of the following is strongly desired:

• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Certified Forensic Examiner (GCFE)
• GIAC Network Forensic Analyst (GNFA)
• Cisco Certified Network Associate (CCNA)
• Microsoft Certified Solutions Associate (MCSA)
• CompTIA Security+