Address
Form of work
SalaryJob Summary:
Leverage advanced security tooling and automation to rapidly detect and respond to real-time security alerts and events and conduct detailed root cause investigations and Incident Response. The analyst will work closely with security team and business partners, to identity and mitigate a wide variety of threats and malicious activity. Responsibilities:
Performance Outcomes:
- Quickly understand and utilize company’s SOC technologies, including but not limited to a Security Information Event Management (SIEM) platform, Intrusion Detection System (IDS), Endpoint Detection & Response (EDR) solution, and insider threat tooling. Ability to quickly learn SIEM solution and create and/or customize dashboards to make the best use of data.
- Act as an internal expert on matters relating to intrusion detection and incident response (IR).
- Respond to security events and threats from alerting, escalations, and other sources. Be responsible for running security incident response activities – triage through recovery/closure.
- Lead complex investigations and conduct deep analysis of security events, across various company security platforms, focused on rapid containment and remediation.
- Perform Threat Hunting activities when not involved in IR activities.
- Work closely with security engineer to improve monitoring, detection, tooling, and integrations.
- Track industry cybersecurity attacks and vulnerabilities and work proactively to address cyber risks (think SolarWinds, Log4j, etc.).
- Provide high quality written and verbal reports, as required.
Engagement and Collaboration
The SOC Analyst will work intricately with their teammates and neighboring teams’ cybersecurity engineers, systems engineers, software engineers, and others. They will also begin to partner with business partners in other departments to identity and mitigate a wide variety of threats and malicious activity.
Education, Knowledge, and Experience:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a similar field preferred
- 1+ years of Security Operations Center (SOC) and Incident Response (IR) experience.
- CrowdStrike administration and advanced utilization is a big plus.
- Understands threat analysis models like MITRE ATT&CK Framework and the Cyber Kill Chain.
- Experience with variety of operating systems and threats that target them including Windows, LINUX, and MacOS.
- Cloud security experience – AWS and Office365.
- Experience with querying across large data sets to understand complicated and difficult to solve problems – this is critical to leveraging the various SOC technologies.
Department:
9312 Information Technology Time Type:
Full timeCommitment to Equal Opportunity
PPLSI conforms to all the laws, statutes, and regulations concerning equal employment opportunities. We strongly encourage women, minorities, individuals with disabilities and veterans to apply to all of our job openings. We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, status as a protected veteran, and basis of disability or any other federal, state or local protected class. We prohibit retaliation against individuals who bring forth any concerns, orally or in writing, to the employer or the government, or against any individuals who assist or participate in the investigation of any concerns or otherwise oppose discrimination.
If you require a reasonable accommodation to complete the application process, please contact Human Resources at:
humanresources@legalshieldcorp.com
.
