About the Client
Our client is a global organization with nearly 20,000 employees that designs, builds and services critical infrastructure enabling vital applications for data centers, communication networks, and commercial and industrial facilities. We support today’s growing mobile and cloud computing markets with a portfolio of power, thermal and infrastructure management solutions.
About the Role
The SOC Analyst position reports to the IT Security Operations team. This team drives information security initiatives through its Security Operations Center (SOC) and the SOC's 24x7 mission to mitigate global security threats against our customers and employees.
- Act as a team member providing incident response & analysis services involving both on-site/deployed and remote/lab-based activities.
- Analyze events, alerts, and logs from both network (proxies, firewalls, IPS, network forensics) and endpoint computing devices (AV, ATP, DLP, Host/System events) for tactical IR purposes to identify malicious and anomalous activity.
- Operate and interact with SIEM software to identify and prioritize potential threats
- Analyze netflow and packet capture data
- Assess network layout and architecture in context of responding to incidents for response and recovery
- Execute Advanced Persistent Threat (APT) “hunting” / analysis operations
- Formulate strategic mitigation recommendations and/or plans
- Leverage working knowledge of IR frameworks for live forensics and analysis
- Configure/execute sweep parameters using supported tools
- Assist in managing IR activities and communicating with customers and stakeholders
- Develop incident reports and ability to brief senior management
- Must - Ability to clearly articulate a position using the English language
- Preferred - Bachelor of Science in CS, CE, EE, IA/security, IT, Forensic Science, Accounting or related fields of study
- Preferred - 2 to 5 years of relevant work experience depending on analyst position level
- Strong communications and technical writing skills
- Strong team player with the ability to conduct daily duties autonomously
- Understanding and knowledge of various log formats from a variety of network and computer devices.
- Familiarity with memory captures and analysis of captures
- Experience and familiarity with tactical triage of binaries for surface and run time analysis for incident response purposes
- Understanding and working knowledge of common critical network protocols and layer 7 technologies such as SMTP, HTTP, HTTP/S, SSL/TLS, DNS, FTP, SSH, and others
- Familiarity with advanced persistent threats (APT) and their tactics, techniques, and procedures (TTPs)
- Familiarity with SOC/NOC operations
- Familiarity with the Cyber Kill Chain™ for incident response
- Fundamental understanding of Windows, Mac OS X, and Linux operating systems
- Possess basic programming or scripting skills
- Fundamental understanding of OSI model, basic networking and troubleshooting concepts
- Familiarity with virtualization software
- OSCP or similar certifications
Nice to Have Skills