Company

Talent Management Plus, Inc.

Address: Evergreen, QLD
Form of work: Full-time
Salary: $110,000-150,000 per year
Category: Accounting & Finance

Job description

Position: Security Operations Center Analyst
Location: Remote
Responsibilities:

  • Work as part of a team of Information Security professionals supporting a global enterprise.
  • Triage and respond to information security incidents reported via SIEM (Sentinel), ticketing system (ServiceNow), and other sources.
  • Perform root cause analysis, document findings and collaborate with technology/process owners to prevent future occurrences.
  • Develop, automate, and orchestrate tasks (playbooks) with Logic Apps triggered by specific events.
  • Configure Sentinel incidents, workbooks, hunting queries, and notebooks.
  • Research, analyze and understand log sources originating from security and networking devices such as firewalls, routers, proxy, anti-virus products, and operating systems.
  • Automate manual processes via scripting and utilization of various tools and platforms.
  • Perform raw data review in an effort to identify malicious activity for which signatures/content do not exist.
  • Assist with the development of new content and tuning/filtering of existing content for SIEM, IDS/IPS, and other security technologies.
  • Assist management in ensuring the team executes on core responsibilities such as working incidents through to completion, ticket queue maintenance, keeping documentation evergreen, training requirements, etc.
  • Work with management to define/update standard operating procedures and response plans.
  • Support efforts of Technical Directors and/or Management during all phases of the Incident Response process.
  • Serve as a primary escalation point for security incidents.
  • Manage or contribute to projects that directly correspond to the maturity and/or capabilities of the Security Operations team.
Required Skills:
  • Direct involvement with Microsoft Azure Sentinel, Microsoft Threat Protection suite of security solutions (Defender ATP, Azure ATP, Office 365 ATP, Microsoft Cloud Application Security), Azure Active Directory, Azure Security Center, Azure Log Analytics, Azure Data Exchange and M365 suite of solutions.
  • Kusto Query Language (KQL).
  • Advanced knowledge of computer networking: TCP/IP, routing and protocols.
  • Advanced knowledge of packet structure and previous experience performing in-depth packet analysis.
  • Advanced knowledge of Incident Response methodologies and information security best practices/technologies.
  • GCIH, GCIA, CISSP or equivalent knowledge/experience required.
  • Advanced knowledge regarding the administration, use, securing and exploitation of common operating systems.
  • Minimum of 3 years’ experience utilizing HIDS/NIDS, SIEM, anti-virus, packet capture tools, and host-based analysis technologies in a security analyst capacity, preferably within a 24x7x365 operations environment.
  • Mentor junior analysts and act as point of escalation for guidance and questions.
  • Must be willing to work first or second shift, and to work off-hours in response to larger events.
  • Minimum of 3 years’ experience analyzing log sources originating from security and networking devices such as firewalls, routers, proxy, anti-virus products, and operating systems required.
  • Strong proficiency with Windows and Unix/Linux command line.
  • Expert knowledge of obfuscation techniques used to encode/encrypt malicious traffic/data.
  • Familiarity with a standardized incident response framework (SANS/NIST).
  • A research background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis.
  • Scripting experience with Python, Perl, SQL, and/or PowerShell required.
  • Willingness to serve as a member of an Incident Response Team (IRT) which may require responding to emergency calls during non-business hours.
**US citizenship requirement: as this role supports services provided to the federal government and/or a federal government contractor, proof will be required to verify US citizenship status at time of hire.**
Reference code: 1268844. Talent Management Plus, Inc. - posted 2024-01-05 19:38
