Responsibilities for the SOC Analyst include, but are not limited to:
-Assisting in building SOC and CIRT processes, procedures, and training
-Ability to deliver technical training in areas such as incident handling, event analysis and correlation, general SIEM skills, IDS/IPS and log monitoring, threat management, etc.
-'Eyes on glass' monitoring and resolution of security incidents within established customer Service Level Agreements.
-Performing daily operational, real-time monitoring and analysis of security events from multiple sources, including but not limited to events from security information and event management (SIEM) tools, network- and host-based intrusion detection systems, firewall logs, system logs (Unix and Windows), mainframes, midrange systems, applications, and databases.
-Additional responsibilities include performing documentation review and improvement, attending meetings as needed, and serving as front-line response for troubleshooting low-level engineering issues as needed.
-Collaboration with Line of Business technical teams for issue resolution and mitigation.
-Communicate and escalate issues and incidents as required by process or management.
-Specialize in network and log-centric analysis.
-Use of IDS, IPS, and/or other signature matching technology
Additional Responsibilities
Perform other essential duties as assigned
SOC Analyst Knowledge, Skills, and Abilities:
-3-5 years of Information Technology experience with network security technologies, specifically TCP/IP, and related network tools
-A sound understanding of TCP/IP and networking concepts
-Solid and demonstrable comprehension of Information Security including malware, emerging threats, attacks, and vulnerability management
-Understanding of source code, hex, binary, regular expression, etc.
-Experience with reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs)
-Experience with IBM QRadar is a plus
-Strong deductive reasoning, critical thinking, problem solving, and prioritization skills
-Experience assisting the development and maintenance of tools, procedures, and documentation
-Customer service skills, including resolution of customer escalations, incident handling, and response
-Experience in a fast paced, high stress, support environment
-Subject matter expert (SME) in one or multiple areas such as Windows, Unix, Midrange, Mainframe, Firewalls, Intrusion Detection, Threat Detection Analysis, or Information Risk Management
-Ability to follow detailed process and procedure documentation
-Ability to present complex solutions and methods to a general audience
-Demonstrated ability to be reliable and flexible
-Excellent written and verbal communication and organizational skills
-Outstanding work ethic
-Strong team player that collaborates well with others to solve problems and actively incorporate input from various sources
-Network, Security, or Platform certification(s) (Security+, Network+, MCSP, CNA)
-CISSP or SANS GIAC GCIA certification desired
Position is a SOC (Security Operations Center) Analyst; security analysis or incident response experience is required.
Solid experience with network security, logging architecture, and IDS/IPS rules and alerts
Strong analytical and critical thinking skills
IBM QRadar experience is strongly desired