SOC Analyst - Level 1 null

Job Description:

Responsibilities:

• Provide eyes on glass real-time security monitoring in a 24x7 environment by monitoring security infrastructure and security alarm devices for Indicators of Compromise utilizing various SIEM and cyber security tools

• Perform initial assessment of incoming alerts (assessing the priority, determining severity in respect to customer environments as well as correlating additional details) and coordinate with Senior Analysts for high priority incidents, where necessary

• Provide basic security event detection and initial triage of security events, opening tickets in designated ticketing systems within SLO and/or SLA guidelines

• Provide health and availability analysis, opening tickets in designated ticketing systems within SLO and/or SLA guidelines

• Follow documented escalation procedures

• Identify recurring incidents for problem management purposes

• Coordinate with Senior Analysts for high priority incidents.

Requirements:

• Strong documentation and communication skills

• Exceptional problem-solving skills

• Proactive in engaging with customer reps, client executives and Telecommunication management teams

• Basic knowledge in network technologies

• Knowledge of Transmission Control Protocol/Internet Protocol (TCP/IP), RCF 1918 and common attacks against TCP/IP protocol

• Good knowledge of Server Operating System

• Basic understanding of threat landscape and indicators of compromise

• Basic understanding of current cyber security threats, attacks and countermeasures for adversarial activities such as network probing and scanning, distributed denial of service (DDoS), phishing, ransomware, botnets, command and control (C2) activity, etc.

Preferred skills/qualifications:

• Information Technology security related certifications such as but not limited to - CompTIA A+, Network+, Security+, Linux related certifications, Cisco CCNA, Microsoft Certified Azure Fundamentals, AWS Cloud Practitioner, SANS GSEC.

• Basic understanding of command line scripting and implementation (i.e., Python, PowerShell, Bash Shell).

• Some experience with tools such as Active Directory, Cisco IOS, MS Server, AMP, Arcsight ESM, Splunk ES, Azure Sentinel, Logrythm, Rapid 7, SNORT, Yara, IronPort, and Firepower is preferred.

• Strong understanding of networking (TCP Flags, TCP Handshake, IP addressing, Firewalls, Proxy, IDS, IPS)

• Ability to perform NetFlow / packet capture (PCAP) analysis.

• Associates degree in Computer Science, Information Security or similar discipline.

• Ability to write new content/searches/scripts (e.g., Splunk dashboards, Splunk ES alerts, QRadar, RSA Netwitness, SumoLogic, etc).