SOC Analyst (MITRE ATT&CK)

Overview

Remote
On Site
Hybrid
$80 - $100
Contract - Independent
Contract - 12 Month(s)
10% Travel

Skills

Security Operations Center
Analyst
SIEM
Firewalls
MITRE ATT&CK

Job Details

SOC Analyst

As of now, coming onsite is not a requirement, but local candidates are preferred so that any future onsite requirement can be accommodated.

The schedule is three 13-hour shifts per week; resources on similar schedules usually add an extra hour to one of the shifts to reach 40 hours.

Schedule: Sat – Mon, 7pm – 8am (3x13hrs, 4 days off), or as needed for escalations; includes weekends & holidays


Role Responsibilities:

  • Perform security monitoring and analysis leveraging SIEM and security tools
  • Conduct technical analysis and correlation of operating system, database, application, cloud and network logs to triage potential security events and incident investigations
  • Analyze tactics, techniques, and procedures (TTPs) for various intrusion sets
  • Develop custom SIEM content and tune security tools to prevent, detect and respond to malicious activity
  • Utilize EDR and network security tools to conduct host & network-based detection analysis
  • Conduct vulnerability scans and participate in tabletop exercises
  • Improve the incident response process through tabletop exercises, playbook development, and standard operating procedures
  • Day to day, act as the primary first responder to incidents

Requirements and Experience:

  • Must be willing to come onsite to NYC on a regular basis
  • Must have experience using various Threat Intelligence tools
  • Experience managing ticket escalations, and incident response coordination across engineering, security, and management teams
  • Experience in IDS/IPS, SIEM, EDR, DLP, Firewalls, DNS security, cloud security, Windows and Linux systems, etc.
  • Familiarity with the NIST Cybersecurity Framework (CSF) and an adversary tactics and techniques framework such as MITRE ATT&CK
  • Deep knowledge of threat and vulnerability analysis
  • Extremely detail-oriented and ability to quickly investigate ongoing and emerging threats
  • Experience in developing, acquiring, maintaining and implementing threat intelligence
  • Strong computer knowledge (hardware & operating systems)
  • Strong network knowledge
  • Excellent communication skills (phone/email)
    • Ability to write clear emails to non-technical staff and send incident updates to upper management when required
    • Assist with weekly presentation slides and project updates
  • Strong forensics background (soft requirement)

