Skill matrix
- SOC Experience
- Intrusion Detection
- Security Scanning
- Security Log Detection
- Analyzing security events
Title: SOC Tier 1 Analyst
Onsite Requirement: Hybrid 2 Days a week
Location: Farmington Hills, MI
Position Summary
The Security Operations Center is responsible for providing 24/7/365 monitoring, detection, and response capabilities for the organization. This includes security event, cloud security, and DLP monitoring, as well as a role in the incident response process. The Tier 1 SOC Analyst primarily serves as the initial triage and investigation point for the SOC and escalates incidents on an as-needed basis.
The Tier 1 Security Operation Center (SOC) Analyst is responsible for proactively monitoring and performing initial triage / investigation of security incidents and alerts to identify any malicious activity. Besides the initial triage and investigation, Tier 1 Analysts are expected to escalate security incidents according to defined escalation policies to Tier 2, Tier 3, and SOC leadership for further investigation / response.
Key Responsibilities
- Work in a 24/7 Global SOC Team that operates in three shifts
- Conduct preliminary incident triage according to the Security Incident Management Triage Matrix and set the priority, provide analysis, determine, track remediation, and escalate as appropriate.
- Utilize the intrusion detection, security scanning, security log collection, content filtering, and other security-related systems to perform triage, investigation, and incident response.
- Provide support for the coordination of security incidents using different communication channels.
- Ensure the SOC team documentation is up to date, including investigation Playbooks and Standard Operating Procedures, and ensure that incidents have current notes describing the investigation steps that were performed.
- Categorize and prioritize security incidents.
- Look for correlations between various security events.
Duties/Responsibilities:
SOC Analysis
- Monitor security incidents across the endpoint, network, and cloud domains as they are generated by the SIEM tool and the ticketing system.
- Initial triage and investigation of incidents assigned through the ticketing system, following established playbooks for specific incident types.
- Respond to, mitigate, and eradicate security threats, with guidance from Tier 2 and Tier 3 analysts as well as SOC leadership.
Documentation and Support
- Provide consistent and quality documentation of actions taken to triage / investigate incidents.
- Assist senior staff in development of documentation / knowledge management articles for the SOC.
- Handle sensitive information in accordance with the Corporate Information Protection Policy.
- Collaborate with other Engineering and Operations teams to troubleshoot, respond, and improve detection capabilities.
Skills:
- Solid understanding of Cybersecurity concepts and frameworks.
- Proven, excellent analytical skills.
- Working knowledge of tools such as SIEM / IT ticketing technologies, EDR, email gateways, and malware analysis sandboxes.
- Understanding of networking (TCP/IP networks and protocols) concepts.
- Understanding of phishing and malware techniques.
- Strong written and oral communication, documentation, and organizational skills.
Preferred:
- Experience in a SOC or IT operations environment.
- Security certifications (e.g., Security+, CySA+, or equivalent) are a plus.
Additional Information
- This is a shift-based role in a 24/7 operational environment; weekend and holiday coverage may be required on a rotational basis.
- Applicants must comply with all corporate information security and data protection policies.