The role will monitor cybersecurity consoles, dashboards, and/or feeds and perform alert triage and analysis, initial incident scoping and documentation, ticket escalation, and attack disruptions for pre-defined/approved conditions
Key Responsibilities:
Monitor SOC mailbox, IT ticketing system, hotline, threat intelligence feeds, endpoint/data loss prevention consoles, and other security tools for alerts
Collect forensic artifacts on suspicious workstations and analyze with Forensic Analysis tools
Identify and propose areas for operational improvement within the SOC
Coordinate internal incident response activities
Provide feedback on security control capability gaps based on security intrusion trends
Develop and maintain analytical procedures to improve security incident identification efficiency
Triage and validate alerts, and if warranted, escalate to Level 3 analysts or Team Lead
Support incident response activities, as needed
Adhere to approved SOC documentation, e.g., processes and procedures
Assist in developing, coordinating, and implementing SOC documentation
Provide input to SOC operation metrics and reports
Provide input to SOC shift change reports to maintain continuity of operations
Knowledge, Skills and Experience Requirements:
Minimum of 3 years of professional experience in operating, managing, designing, implementing, maintaining, or supporting cybersecurity technology
Minimum of 3 years of professional experience in SOC operations and/or incident response
Understanding of technologies and solutions used in cybersecurity and networks (SIEM, SOAR, firewalls, IAM, IDS/IPS, endpoint protection, threat management/intelligence)
Strong understanding of intrusion detection concepts and information security defense
Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques
Experience in SOC documentation development
Understanding of incident response analysis skills, e.g., SURGE Collect
Forensic artifact examination with Volatility
Proven experience with multiple security event detection platforms