SOC Analyst-Level 1

If interested, please send resume to catherine@3pandt.com

Location: Remote

POSITION SUMMARY: 

The SOC Analyst (Level 1) is responsible for monitoring and responding to security-related alerts triggered in the SIEM tool within Managed Service Clients. Primary responsibilities include correlating data from various sources; determining whether a critical system or data set has been impacted; providing recommendations on remediation; and providing support for new analytic methods for detecting threats.

The SOC Analyst (Level 1) will use a variety of tools to investigate incidents and take immediate action or recommend a course of action to safeguard Managed Services Clients. The SOC Analyst (Level 1) will document all incidents and create a clear narrative that supports their conclusions. The SOC Analyst (Level 1) works as Tier 1 support and will escalate all events to the second-tier Incident Responder for review before completing event notation, to assure correctness in reviews. Events that require over 15 minutes of analysis are to be escalated to the SOC Incident Responder on shift for analysis.

ESSENTIAL DUTIES AND RESPONSIBILITIES - MAY INCLUDE THE FOLLOWING. OTHER DUTIES MAY BE ASSIGNED.

·   Ensure that all SOC (Security Operations Center) tickets are handled and resolved within SLAs (Service Level Agreements).

·   Stay up to date with current security vulnerabilities, attacks, and countermeasures

·   Monitor security alarm activity from remote communications sites to ensure company compliance

·   Create and run search queries in SIEM tool to help with identifying and troubleshooting security issues

·   Utilize tools (e.g., Wireshark, Nmap, PCap, etc.) to identify and map devices on the network

·   Open, track and close trouble tickets

·   Answer incoming calls and monitor various e-mail accounts and act according to SOC procedures and processes

·   Interface with field personnel to mitigate security incidents

·   Assist with the preparation of SOC reports

·   Investigate and provide technical analysis of various security incidents and possible compromise of systems

·   Provide recommendations for responding to malware incidents

·   Work directly with other SOC Incident Responders and NOC Engineers for issue resolution

·   Provide direct communication to affected users and companies on security incidents and maintenance activities

·   Maintain detailed notes within Operational Management systems on all security issue resolution activities

·   Maintain customer technical information within defined documentation standards

·   Obtain/maintain technical/professional certifications applicable to position or as directed

·   Manage and maintain security monitoring and alerting systems

·   Assess and identify appropriate solutions to be integrated into the systems operation and make recommendations for implementation and troubleshooting

·   Communicate with customers, peers, team and managers regarding incident and change management

·   Provide emergency on-call support on a rotating schedule

·   Perform other duties as assigned

OTHER SKILLS and ABILITIES:

·   Excellent Interpersonal Skills (develop and maintain strong working relationships)

·   Strong work ethic

·   Strong communication skills

·   Ability to prioritize tasks

·   Strong organizational skills

·   Occasional overtime may be required

·   Basic telephone operation skills

·   Excellent customer service skills

·   Familiarity with ITIL Processes

·   Proficiency in Microsoft Office programs and ability to learn specialized system tools

·   Ability to multi-task in a fast-paced environment

·   Detail-oriented with strong written and verbal communication skills

Minimum Education and Experience:

·   High School Diploma

·   Knowledge and understanding of event/alert management, incident and change management processes

Preferred Education and Experience:

·   Bachelor’s Degree preferred

·   1 year experience working in a NOC or SOC

·   1 year of Security Incident Response experience

·   2+ years of networking and/or security experience

·   Experience in Security Management and SIEM (e.g., Splunk, OSSIM, AlienVault)

·   Experience in Network Management Tools (e.g., Vistara/OpsRamp)

·   Experience with Ticket Management Tools (e.g., ConnectWise)

·   Possession of Industry Certifications (Security+, SSCP, GCIA, CISSP)
