Overview
On Site
Depends on Experience
Full Time
No Travel Required
Skills
SOC
MDE
MDI
Sentinel
MDCA
FireEye
Proofpoint
Job Details
Position: Security Operations Center Analyst
Location: Frisco, TX (Day 1 onsite)
Full-time hire
Tools knowledge: Microsoft MDE, MDI, Sentinel, MDCA, FireEye, Proofpoint
Experience required: 5 to 8 years
- Ensure that SOC and IR activities within a process are performed at a high level of quality and that they meet their associated Service Level Agreements (SLAs) or Operational Level Agreements (OLAs).
- Responsible for assigning incidents within a group or division.
- Responsible for communicating with the process manager.
- Determines if an incident needs to be escalated according to priority and severity of the issue.
- Ensure that Incidents assigned to their Support Groups are resolved and that service is restored.
- Monitor the Incidents and manage workload in their respective queues to ensure that Service Level Agreement and Operational Level Agreement are respected.
- Identify Incidents for review.
- Participate in Incident review following major Incidents.
- Identify potential problems and/or increasing trend of repetitive Incidents.
- Create Knowledge articles with repeatable procedures, with the goal of reducing the number of Incidents.
- Escalate all process issues to the Incident Manager.
- Good understanding of security operations, network security, threat intelligence, incident response.
- SIEM configurations (Particularly Azure Sentinel), incident and alarm response procedures, engagement with operations teams to manage incidents.
- Experience with writing queries, parsing, and correlating data.
- The ability to analyze log files from multiple devices and environments and identify security threats.
- Review and respond to Security Incidents, track them, and collaborate on their timely resolution.
- Responsible for managing the queue for tracking, trending, and aging of tickets.
- Collect, review, and report external threat metrics and track their remediation.
- Collect and analyze security reports/evidence and draw conclusions based on the tracking & trending.
- Review, update and maintain SOP, playbooks.
- Work across various security support teams to assemble required reports for weekly and monthly security operations client meetings.
- Monitor security incidents tickets to ensure security events are being properly serviced and that associated SLAs are met.
- Planning, implementing, managing, monitoring, and upgrading security measures for the protection of the organization's data, systems, and networks.
- The resource should have hands-on experience in use case review and participate in use case fine-tuning.