Sr. SOC Analyst (can be from a Developer, Systems Admin or Threat Hunter Background. See descriptions below)
Location: Irvine, CA
MANAGER NOTES:
- At least 4 years of experience as a SOC analyst, incident response experience, etc.
- Experience in managing and tuning SIEM products
- Experience installing network security devices (FW, IDS/IPS, etc.) and servers (Linux/Windows, etc.)
- At least 5 years of IT experience preferred.
General Position Summary
This position is responsible for providing advanced-level security monitoring services to client companies by gathering security events from security devices, network devices and computers in customer networks into a security monitoring system in a data center. This senior role is also accountable for developing SIEM content and tools to enhance the SOC's capabilities.
PRIMARY RESPONSIBILITIES
- Provide 24x7 monitoring and analysis of SIEM events to identify potential security risks and vulnerabilities.
o Coordinate and collaborate with others for the investigation, remediation, and implementation of preventative measures for cybersecurity events and incidents.
o Manage escalations received from Tier I SOC Analysts.
o Triage and investigate events to identify security incidents.
o Provide detailed analysis of security events and investigations.
o Recommend actions to customers for cybersecurity events and incidents.
o Log security incidents in the case management system, managing security incidents throughout their lifecycle to closure.
- Develop SIEM contents and other programs to enhance the SOC efficiency and detection capability.
o Enhance existing programs, troubleshooting as necessary.
o Develop SIEM contents such as rules, reports, etc.
o Develop integration programs such as log collection scripts, remediation scripts, etc.
- Serve as a subject matter expert in at least one security-related area (e.g. specific security solution, Windows, etc.).
- Provide technical support for the SOC services and security products that client delivers.
OTHER & MISCELLANEOUS
- Provide coaching, training, and support development of documentation for Tier I SOC Analysts.
- Manage stakeholders' expectations and relationships in pre-sales and post-sales activities, including onsite visits.
- Provide routine reporting to customers.
- Seek constant improvement and more efficient, less expensive ways and means in work processes.
- Perform maintenance and enhancement of the SOC service such as maintenance and enhancement of SIEM contents, SOC documents, SOC tools, and SOC infrastructure.
- Perform special projects and other miscellaneous duties as assigned by management, including supporting ad-hoc data and investigation requests.
- Report all irregular issues and problems to management for resolution.
- Maintain high ethical standards in the workplace.
- Maintain good communication with management, office staff members, and outside contacts.
- Comply with all company policies and procedures, including maintaining a clean and safe working area.
Qualifications (if developer)
Education & Work Experience
- At least 4 years of experience as a SOC analyst, including event triage and incident management.
- Prior experience with SIEM tuning and administration.
- Proficiency in popular coding languages, including Python, Java and C++, and their frameworks.
- Relevant cybersecurity experience including SIEM operations, forensic acquisition and analysis of evidence, event management, and incident management.
- Demonstrated experience with leading incident response calls, meetings, and activities by providing direction to other team members and partner vendors.
- Ability to multitask, including answering multiple calls, prioritizing emails, instant messaging/chat environments, and ticket-related communications. Prior experience working in a fast-paced environment with the ability to manage workloads when handling incident responses with competing priorities.
Qualifications (If Threat Hunter)
Education & Work Experience
- At least 4 years of experience as a SOC analyst, including event triage and incident management.
- Prior experience with SIEM tuning and administration.
- Relevant cybersecurity experience including SIEM operations, forensic acquisition and analysis of evidence, event management, and incident management.
- Demonstrated experience with leading incident response calls, meetings, and activities by providing direction to other team members and partner vendors.
- Ability to multitask, including answering multiple calls, prioritizing emails, instant messaging/chat environments, and ticket-related communications. Prior experience working in a fast-paced environment with the ability to manage workloads when handling incident responses with competing priorities.
- Bachelor's degree in a relevant field of study (e.g. Cybersecurity, Information Systems, Computer Science, Security & Risk Management, etc.).
- Master's Degree preferred.
- Previous experience in incident investigation utilizing EDR tools.
- Advanced knowledge and strong interest in cybersecurity (attack methods, malware techniques, etc.).
- Fluent in English, both written and verbal, with excellent oral and written communication skills.
- Experience with reporting tools.
Qualifications (if System Admin)
Education & Work Experience
- At least 4 years of experience as a SOC analyst, including event triage and incident management.
- Prior experience with SIEM tuning and administration.
- Proven experience as a System Administrator, Network Administrator or similar role.
- Relevant cybersecurity experience including SIEM operations, forensic acquisition and analysis of evidence, event management, and incident management.
- Demonstrated experience with leading incident response calls, meetings, and activities by providing direction to other team members and partner vendors.
- Ability to multitask, including answering multiple calls, prioritizing emails, instant messaging/chat environments, and ticket-related communications. Prior experience working in a fast-paced environment with the ability to manage workloads when handling incident responses with competing priorities.
- Bachelor's degree in a relevant field of study (e.g. Cybersecurity, Information Systems, Computer Science, Security & Risk Management, etc.). Master's Degree preferred.
- Previous experience in incident investigation utilizing EDR tools.
- Advanced knowledge and strong interest in cybersecurity (attack methods, malware techniques, etc.).
- Fluent in English, both written and verbal, with excellent oral and written communication skills. Experience with reporting tools.
Tools & Equipment
- Software includes the use of the Windows operating system and MS Office.
- General office equipment including phones, fax, copier, personal computer, printer, scanner, etc.
Certificates/Licenses
- CISSP or GIAC 50X or above (required)
- MCSE, MCP, CCNA, Security+ preferred