Security Operation Center Analyst

  • Frisco, TX
  • Posted 38 days ago | Updated 27 days ago

Overview

Hybrid
Depends on Experience
Full Time
No Travel Required

Skills

SOC
MDCA
Sentinel
MDI
FireEye
Proofpoint
MDE
SIEM
incident response

Job Details

Position- Security Operation Center Analyst

Location Frisco, TX (3 Days onsite & 2 days remote)

Full time Hire

Tools knowledge: Microsoft MDE, MDI, Sentinel, MDCA, FireEye, Proofpoint

Experience required: 5 to 8 years

  • Ensure that SOC and IR activities within a process are performed at a high level of quality and that they meet their associated Service Level Agreements or Operational Level Agreements.
  • Responsible for assigning incidents within a group or division.
  • Responsible for communicating with the process manager.
  • Determines if an incident needs to be escalated according to priority and severity of the issue.
  • Ensure that Incidents assigned to their Support Groups are resolved and that service is restored.
  • Monitor the Incidents and manage workload in their respective queues to ensure that Service Level Agreement and Operational Level Agreement are respected.
  • Identify Incidents for review.
  • Participate in Incident review following major Incidents.
  • Identify potential problems and/or increasing trend of repetitive Incidents.
  • Create Knowledge with repeatable procedures with a goal of reducing the number of Incidents.
  • Escalate all process issues to the Incident Manager.
  • Good understanding of security operations, network security, threat intelligence, and incident response.
  • SIEM configuration (particularly Azure Sentinel), incident and alarm response procedures, and engagement with operations teams to manage incidents.
  • Experience with writing queries, parsing, and correlating data.
  • Ability to analyze log files from multiple devices and environments and identify security threats.
  • Review and respond to security incidents, track them, and collaborate on their timely resolution.
  • Responsible for managing the queue for tracking, trending, and aging of tickets.
  • Collect, review, and report external threat metrics and track their remediation.
  • Collect and analyze security reports/evidence and draw conclusions based on tracking and trending.
  • Review, update, and maintain SOPs and playbooks.
  • Work across various security support teams to assemble required reports for weekly and monthly security operations client meetings.
  • Monitor security incident tickets to ensure security events are properly serviced and associated SLAs are met.
  • Plan, implement, manage, monitor, and upgrade security measures for the protection of the organization's data, systems, and networks.
  • Hands-on experience with use case review and participation in use case fine-tuning.

About HCLTech