Senior CSOC Analyst

Houston, Texas

ComTec Information Systems
Apply for this Job

Title: Senior CSOC Analyst

Location: Little Rock, AR or Houston, TX (Hybrid)


The Cyber Security Operations Center Analyst is a level 3 position, will be responsible for investigating and responding to security incidents, understanding, and mitigating attack vectors, and staying abreast of the evolving threat landscape. The ideal candidate is detail oriented, a problem solver with critical thinking skills, and focused on process improvement.


Responsibilities:

  • Analyze digital evidence and perform forensic analysis to determine root cause.
  • Identify and implement automation with SOAR, SIEM, or similar tools to improve capabilities.
  • Identify problematic trends and take proactive steps to mitigate negative impacts to customer base.
  • Conduct thorough investigations into security incidents, including but not limited to, malware infections, phishing attempts, and unauthorized access attempts.
  • Analyze and understand various attack vectors used by threat actors to compromise systems and data.
  • Monitor and assess the threat landscape to identify emerging threats and vulnerabilities relevant to our environment.
  • Monitor and participate in training and exercises to ensure CSOC team proficiency.
  • Participate in post-incident reviews to identify lessons learned and best practices.
  • Perform network investigations to identify and mitigate potential security risks and intrusions.
  • Collaborate with cross-functional teams to implement security controls and measures to enhance our overall security posture.
  • Understand and perform cloud security monitoring and improve maturity posture.
  • Develop and maintain incident response procedures and playbooks to ensure effective and efficient response to security incidents.
  • Support the threat hunting team to identify gaps of coverage and make recommendations on use cases for monitoring.
  • Understand MITRE Framework, identify TTPs and identify patterns and threat actors focused to the industry.
  • Provide timely and accurate reports on security incidents, trends, and metrics to stakeholders and management.
  • Approximately 20% onsite

Requirements:

  • 5+ years of cyber security experience, across multiple disciplines (incident response, threat hunting, monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering data analytics, application security, database security, etc.)
  • 3 years of hands-on experience working with Security Incident and Event Management (SIEM such as Splunk), incident response in a SOC environment with a structured after-hours process
  • In-depth knowledge of various attack vectors, threat intelligence sources, and the cybersecurity threat landscape.
  • Experience with network investigations, intrusion detection systems (IDS), and security information and event management (SIEM) tools.
  • Strong knowledge of Security orchestration, automation and response (SOAR) systems.
  • Strong understanding of MITRE ATT&CK Framework
  • Strong understanding of cloud environment for security principles and best practices
  • Ability to perform computer network attack analysis and collaborate with counterintelligence and law enforcement investigations.
  • Has experience providing guidance and mentorship to others in cyber threat analysis and operations.
  • Able to proactively identify possible threats, security gaps and vulnerabilities
  • Advanced knowledge about security operations, cyber security monitoring, intrusion detection, and secured networks
  • Outstanding problem-solving/decision making ability
  • Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms
  • Exceptional interpersonal skills, including teamwork, facilitation, and training
  • Strong report writing and communication and ability to effectively communicate across the organization

Date Posted: 21 May 2024
Apply for this Job