Soc Analyst

Australia's Academic and Research Network (AARNet) was established in 1989 and is widely regarded as the founder of the Internet in Australia and renowned as the architect, builder and operator of world-class network infrastructure for research and education. 

Nationally, AARNet interconnects Australian universities, the CSIRO, and other organisations who have a research and education mission. These include hospitals, vocational training providers, schools and museums. Internationally, AARNet interconnects the Australian Research and Education (R & E) community to the world – and continuously develops new capabilities and partnerships to facilitate seamless data access and transfer. 

We are an organisation of innovators, doers, and courageous thinkers. We are not constrained by traditional products and solutions, and we constantly strive to build the solutions that our customers will need tomorrow – today. If you have the imagination, foresight and drive to build the future, why not come and join us?

The Security Operations Centre (SOC) Analyst is a key member within the AARNet SOC, supporting the SOC Manager; you will be responsible for monitoring customer environments including AARNet to identify cyber threats, and performing investigation/response activities in line with documented processes whilst collaborating with both internal and external customer stakeholders.

As a SOC Analyst, you will have a strong hands-on and technical focus with broad security knowledge, experience and deep understanding of various SOC domains and incident stages (covering Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned). A critical success factor for this role will be the ability to effectively identify, triage and investigate an incident end to end including escalation and resolution with customers. Between monitoring and responding to incidents, you will be focused on the ongoing uplift of the SOC service capability across people, process and technology.

To help in your development and aide the SOC’s maturity you will be enabled to challenge the status quo, think outside the box and apply a growth mindset to develop new and innovative solutions to solve complex challenges. This is supported by a focus on continuous training and exposure to leading security technologies, including a big data and analytics platform providing full flexibility to build advanced defences for cyber threats with the support of our SOC Engineers.

• Conduct proactive monitoring, investigation, and escalation of security incidents;
• Recognise potential, successful, and unsuccessful intrusion attempts and compromises thorough correlation analysis of relevant event detail and summary information; 
• Investigate malicious phishing e-mails, domains and IPs using open source and sector intelligence; Provide mitigation guidance and support in response to identified threats;
• Continuously working towards high confidence and high fidelity detection rules leveraging anomalous or suspicious events in collaboration with other SOC team members, including SOC Engineers and Operations;
• Actively contribute to the continuing development of SOC architecture, processes, procedures, standards and methodologies;
• Be a power user of the Security Orchestration, Automation and Response (SOAR) platform for case management and enrichment/response playbooks;
• Utilise techniques for investigating host and network-based intrusions using SOC technologies;
• Report false positives, detection rule issues and parsing issues to the SOC Engineers and vendors for remediation;
• Work in close partnership with both internal and external (i.e., customer and vendor) stakeholders; Act as the first point of contact for security incidents and requests into the SOC in line with set SLAs;
• and, Apply cybersecurity and privacy principles to organisational requirements.

• Minimum one year in a SOC environment;
• Experience with SIEM and UEBA technologies;
• Experience with SOAR technologies and playbook development (Demisto, Cortex XSOAR and/or Phantom would be advantageous);
• Experience with EDR technologies (such as Defender ATP, CrowdStrike); 
• A thorough understanding of the MITRE ATT&CK framework and Cyber kill-chain; Ability to document and explain technical details clearly and concisely to both technical and non-technical audiences; Practical networking experience with a deep understanding of TCP/IP and other network protocols; Practical experience with Forensic Incident Response Triage and Investigation techniques and technologies;
• Experience with using and optimising a range of threat intelligence feeds; Excellent troubleshooting and analytical thinking skills;
• and, Strong documentation and communication skills.

• Prior experience in working Service provider (SP) or Managed Services provider (MSP);
• Technical Security Certifications such as SANS GCIA; Expertise on Windows Operating system, Active Directory.

• Security oriented & problem-solving mindset (like solving puzzles & finding ways into closed systems);
• High level of attention to detail, revision control, & configuration management practices; 
• A passion for "finding evil" and "doing good", & ability to translate business concepts into the required technical system based events.

AARNet is committed to diversity & providing equal opportunity to all. We're a great place to work if you want to make a difference. Remuneration will be based on skills & experience. We also offer:

• 17% superannuation;

• Flexible work options;

• 2 days paid Women’s Wellness Leave per month;

• 24 weeks paid – Maternity Leave;

• 24 weeks paid - Adoption Leave;

• 16 weeks paid - Paternity Leave;

• 2 days paid Family Wedding Leave;

• 5 days paid Natural Disaster Leave;