Roles and responsibilities:
- Must have a basic understanding of computer security concepts such as Identity & Access Management, Network Security, Application Security, Incident Management, or Risk & Compliance.
- Assist in the development of incident response plans, workflows, and SOPs and provide feedback.
- Be willing and eager to learn from your lead to fully understand the environment, processes, etc.
- Strong logical/critical thinking abilities, especially in analyzing security events (Windows event logs, AV logs, network traffic, IDS/IPS events, and firewall logs) for malicious intent.
- Assist in vulnerability scan analysis and data gathering.
- Ability to provide feedback on rules, filters, views, signatures, countermeasures, and operationally relevant applications and scripts to continuously enhance detection efforts.
- Participate in incident investigations and responses involving advanced or complex threats.
- Have the ability to follow detailed incident response workflows, participate in critical security incident response investigations, and work with Sr. SOC personnel to follow an Incident Response plan.
- Research and leverage cybersecurity intelligence sources to improve SOC incident detection and response capabilities.
- Experience collaborating with peers and other teams to identify improvements and areas for tuning use cases or signatures to enhance monitoring value.
- Ability to work with the SOC team and leadership during cyber monitoring, hunting, and incident response investigations is required.
Basic Qualifications:
- Bachelor’s degree in Cyber Security or equivalent certification.
- At least 1 year of experience in incident analysis, security architecture, malware research, SOC, or any other similar incident response experience.
- At least 1 year of experience with Security Information and Event Management (SIEM) platforms or log management systems that perform log collection, analysis, correlation, and alerting.
- Required flexibility to work nights, weekends, and/or holiday shifts in the event of an incident response emergency.
Preferred Qualifications:
- 2+ years of experience with Microsoft Windows systems, including Active Directory.
- 2+ years of experience with Unix systems.
- 2+ years of experience with network devices such as firewalls, switches, and routers.
- 2+ years of experience with the Jira ticketing system.