Job Description:

CSOC Tier 2 Security Analyst reviews and triage security incident tickets generated by Tier 1 Security Analyst(s) following procedures for detecting, reporting, and responding to security incidents. Tier 2 adds appropriate contextual data by collecting asset data (configs, running processes, etc.) on these systems to identify false positive and true positive events. Tier 2 analyzes incidents and correlate to determine classification, prioritization and response to incidents.

Responsibilities:

• Accept escalations from CSOC Tier 1 and provide initial investigation of security
• Understand CSIRT functions and participates in analysis, containment, and eradication of cyber security events and incidents
• Handle cyber security incidents in accordance with the incident response process
• Perform analysis of logs from various security controls, including, but not limited to, firewall, proxy, host intrusion prevention systems, endpoint security, application and system logs, to identify possible threats to information security
• Perform remote and onsite live response activities
• Analyze malware and/or other suspicious files/email messages
• Analyze volatile system data
• Collaborate with Tier 1 Analyst(s) event handlers and to improve prevention and detection methods
• Collaborate with security engineering teams to ensure proper function of tools used to support the incident response function
• Work closely with the Cyber Hunt Team, Threat Intel, and other internal organizations to achieve the shared vision of improving the company’s cyber security posture (Use case Development)
• Maintain proper documentation and creation of reports

Qualification Requirements.

• Bachelor’s degree in a technology field preferred
• Industry certifications such as CEH, CHFI, CompTIA Security +, CompTIA Network +, CompTIA CySA+ are desirable
• 2-5 years’ experience working in incident response and/or other IT related fields tied to networking and enterprise information system environments
• Interest in the cyber security field includes specific focus on the following domains: enterprise security defense, network and application penetration testing, vulnerability testing, and incident response
• Knowledge of network protocols, enterprise architecture, and common network logging functions
• Experience with log analysis, malware analysis, forensic analysis
• Hands on experience with security tools, such as, QRadar, Splunk and other SIEM, network forensic and capture tools
• Knowledge of threat intel, SIEM technology, threat hunting, DNS attacks, common threats, network forensic and capture tools etc.
• Experience work as part of a SOC or CSIRT team is desirable
• Cloud Security experience preferred
• Scripting/programming experience with either Python or PowerShell preferred
• Passion for Cyber Security and learning
• Good written and verbal communications skills
• Ability to prioritize assignments and efforts in a complex work environment