Title: Senior CSOC Analyst
Location: Little Rock, AR or Houston, TX (Hybrid)
The Cyber Security Operations Center Analyst is a level 3 position, will be responsible for investigating and responding to security incidents, understanding, and mitigating attack vectors, and staying abreast of the evolving threat landscape. The ideal candidate is detail oriented, a problem solver with critical thinking skills, and focused on process improvement.
Responsibilities:
- Analyze digital evidence and perform forensic analysis to determine root cause.
- Identify and implement automation with SOAR, SIEM, or similar tools to improve capabilities.
- Identify problematic trends and take proactive steps to mitigate negative impacts to customer base.
- Conduct thorough investigations into security incidents, including but not limited to, malware infections, phishing attempts, and unauthorized access attempts.
- Analyze and understand various attack vectors used by threat actors to compromise systems and data.
- Monitor and assess the threat landscape to identify emerging threats and vulnerabilities relevant to our environment.
- Monitor and participate in training and exercises to ensure CSOC team proficiency.
- Participate in post-incident reviews to identify lessons learned and best practices.
- Perform network investigations to identify and mitigate potential security risks and intrusions.
- Collaborate with cross-functional teams to implement security controls and measures to enhance our overall security posture.
- Understand and perform cloud security monitoring and improve maturity posture.
- Develop and maintain incident response procedures and playbooks to ensure effective and efficient response to security incidents.
- Support the threat hunting team to identify gaps of coverage and make recommendations on use cases for monitoring.
- Understand MITRE Framework, identify TTPs and identify patterns and threat actors focused to the industry.
- Provide timely and accurate reports on security incidents, trends, and metrics to stakeholders and management.
- Approximately 20% onsite
Requirements:
- 5+ years of cyber security experience, across multiple disciplines (incident response, threat hunting, monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering data analytics, application security, database security, etc.)
- 3 years of hands-on experience working with Security Incident and Event Management (SIEM such as Splunk), incident response in a SOC environment with a structured after-hours process
- In-depth knowledge of various attack vectors, threat intelligence sources, and the cybersecurity threat landscape.
- Experience with network investigations, intrusion detection systems (IDS), and security information and event management (SIEM) tools.
- Strong knowledge of Security orchestration, automation and response (SOAR) systems.
- Strong understanding of MITRE ATT&CK Framework
- Strong understanding of cloud environment for security principles and best practices
- Ability to perform computer network attack analysis and collaborate with counterintelligence and law enforcement investigations.
- Has experience providing guidance and mentorship to others in cyber threat analysis and operations.
- Able to proactively identify possible threats, security gaps and vulnerabilities
- Advanced knowledge about security operations, cyber security monitoring, intrusion detection, and secured networks
- Outstanding problem-solving/decision making ability
- Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms
- Exceptional interpersonal skills, including teamwork, facilitation, and training
- Strong report writing and communication and ability to effectively communicate across the organization