Vacancy expired!
The Senior SOC Analyst is responsible for all aspects of the cybersecurity response activities and for advancing cybersecurity threat practices across the company. This position researches attempts to access or compromise our systems and security measures and provides countermeasure recommendations. The Sr. SOC Analyst applies practical cybersecurity knowledge to develop new detective measures and practices to protect the company. The position requires a high degree of proven technical proficiency and familiarity with software, system and network security issues in large enterprise environments.
ROLES AND RESPONSIBILITES:
-Provide senior level subject matter expertise in cybersecurity domains
-Assess security information, triaging and responding to security events, identify false positives, and conduct correlation analysis across numerous internal and external data sources while prioritizing information security incidents.
-Identify, triage and remediate threats based on threat intelligence as well as active analysis of system log data
-Assess newly published vulnerabilities and attacker tactics, technics and procedures (TTPs) to identify possible defensive measures to locate and stop threat actors
-Serve as escalation point and support for less experienced SOC analysts to address complex and/or unusual alerts, threats, cases, requests and/ or incidents; mentor and train junior analysts
-Translate defensive measures into actionable change in coordination with the Cybersecurity Engineering Team
-Research and stay current on Cybersecurity trends, new security tools, security standards, best practices and news
-Lead Threat Hunting exercises based on internal and external threat intelligence
-Support the Forensic program - administer and maintain the forensic tools
-Support the Security Automation and Orchestration (SOAR) program - administer and maintain the tool
-Create search content for the SIEM tool using code and scripts
-Utilize strong business and technical acumen to develop use cases and build SIEM custom apps and complex searches
-Integrate additional supported log sources / devices and develop new use cases as required
-Analyze and act on actionable threat intelligence; Incorporate external threat intelligence into Darden tools to stay proactive
-Conduct forensic investigations for HR, Legal or incident response activities as directed
-Recognize and codify attacker TTPs in indicators of compromise (IOCs) that can be applied to current and future investigations
-Develop and manage metrics based on operational load, process effectiveness and supportability of the SOC
-Develop and mature the SOC playbook to protect our team members, customers, and assets
-Facilitate post incident reviews, document root causes, and actively work with impacted teams to ensure recovery
-Evaluate current security technologies and processes to identify improvement opportunities and research new technologies for future recommendations to leadership
-Support other Cybersecurity functions and teams to ensure holistic implementation of security controls, technologies, practices, and programs
REQUIRED TECHNICAL SKILLS:
-Minimum 7 years' experience in the information security field
-Minimum 4 years' experience in incident response
-Certified Information Systems Security Professional (CISSP) required plus two current security related certifications (e.g. CCNA,CCNP, CEH, GIAC, EnCE)
-Advanced event analysis leveraging SIEM tools
In depth knowledge of network security, application security, vulnerability management, forensics, incident response and penetration testing
-Demonstrated proficiency in network security concepts, such as security event correlation, TCP/IP concepts, DNS, firewall technologies, IPS/IDS, Endpoint protection, routers, switches, perimeter security, authentication, encryption, and VPN solutions
-Experience with implementing Security Orchestration, Automation and Response (SOAR) tools
-In-depth knowledge of and experience with Kill Chain and MITRE ATT&CK Frameworks
-Proven knowledge of common attack vectors such as port scans, man-in-the-middle, DoS, DDoS, malware, and web application attacks
-Experience in leading incident detection and response activities
-Proven experience in Forensics
-Familiarity with Linux, Windows and cyber forensic evidence concepts
-In depth knowledge and experience defending against common exploits, vulnerabilities and other cyber attacks
-In depth knowledge of security vulnerability concepts, viruses, hoaxes, phishing, backdoors and patch management
-Experience with built in OS shell commands and 3rd party command line and scripting tools (Python, Perl, Bash and/or Powershell)
-Ability to craft queries, YARA rules, regex, to detect threats
REQUIRED EDUCATION:
-Bachelor's degree in Computer Science, Information Technology, or a relevant field, or equivalent experience.
OTHER KEY QUALIFICATIONS:
-Strong interpersonal and consultative skills; must be able to effectively interact with other teams across the organization
-Ability to effectively prioritize and execute tasks in a high pressure environment; ability to manage multiple tasks along a parallel process-Excellent written, verbal, and presentation skills
-Excellent technical documentation skills
-Experience working in a team-oriented, collaborative environment
-Strong work ethic
-Demonstrated initiative and ownership
-Demonstrated ability to effectively interact professionally with a diverse group of people at all levels of the organization.- Develop and present comprehensive and accurate reports, trainings and presentations for both technical and executive audiences
-Ability to solve problems utilizing critical thinking, attention to detail and analytical thinking
PREFERRED SKILLS AND EXPERIENCES:
-A forensic certification is preferred
-Strong incident handling background
-Experience utilizing automation tools for incident response
