. DIRECT CLIENT REQUIREMENT
Responsibilities: Monitor and triage security alerts and events from various sources including SIEM, IDS/IPS, firewalls, and endpoint protection systems ,et al. Conduct in-depth analysis of security events to identify potential security incidents or breaches. Investigate and triage security alerts, determining the scope, impact, and severity of the threat. Aid in development and maintain standard operating procedures (SOPs) for incident detection, response, and escalation. Collaborate with cross-functional teams to resolve security incidents and implement appropriate countermeasures. Perform threat hunting activities to proactively identify and mitigate emerging threats. Maintain and update security tools and technologies to ensure optimal performance and effectiveness. Provide timely and accurate reports on security activities, trends, and metrics to leadership and stakeholders. Participate in security awareness training and education programs for staff members to enhance cybersecurity awareness and best practices. Stay current with industry trends, emerging threats, and security technologies to continuously improve SOC capabilities.
Requirements: Associates degree in Computer Science, Information Technology, Cybersecurity, or related field. Minimum of 2 years of experience working in a security operations center or similar role. An Associates degree is also accepted with a minimum of 4 years of experience. Strong understanding of cybersecurity principles, threat landscape, and attack vectors. Proficiency in using security tools such as SIEM, IDS/IPS, endpoint detection and response (EDR), and threat intelligence platforms. Experience with incident response procedures, including incident triage, containment, eradication, and recovery. Familiarity with common security frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). Excellent analytical and problem-solving skills, with the ability to analyze large datasets and identify anomalies. Effective communication skills, with the ability to convey technical information to non-technical stakeholders. Relevant certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP) are helpful. Ability to work effectively in a fast-paced environment and prioritize tasks based on the severity and impact of security incidents. Security Analyst