Security Operations Center Analyst - North Carolina, United States - Optomi

    Description

    Sr SOC Analyst (Incident Response, Tier 2) - 100% remote*

    Optomi, in partnership with an enterprise-level client in the energy sector, is looking to add a Tier 2+ SOC Analyst to a growing team. The Tier 2 SOC Analyst will handle alerts escalated by Tier 1 analysts and either remediate them or escalate to Tier 3 as needed. The ideal candidate will have at least 2 years' experience working in a SOC handling SIEM, EDR, firewall, DLP, cloud, and other alerts, plus experience developing or scripting in Python, PowerShell, and/or Bash (preferred). Strong Tier 2 SOC experience is a must.

    In this role the candidate will spend 50% of their time handling incidents and the other 50% working on coding and development projects. Candidates who lack the development experience but have a strong desire to learn will be trained.

    What You Will Do:

    • Provide monitoring, detection, and response capabilities to ensure security
    • This includes security event, cloud security, and DLP monitoring, as well as a role in the incident response process
    • Provide monitoring support for cybersecurity systems, investigate alerts for malicious activity, and escalate as required
    • Review, investigate, and classify the appropriate response for all security incidents assigned or escalated via Tier 1 support
    • Respond to and mitigate security incidents according to defined processes and procedures to contain and eradicate threats
    • Perform sampled reviews of incidents investigated by junior analysts to improve ticket quality, and provide feedback to coach junior resources
    • Assist with the development of playbooks and processes for day-to-day SOC operations
    • Assist with the development, configuration, and fine-tuning of the various security tools in the environment
    • Collaborate with Engineering and Operations teams to troubleshoot, respond, and improve detection capabilities

    What's Required:

    • Bachelor's degree in IT, Cybersecurity, or a related field
    • 2-4+ years' experience working in a SOC with various log sources (SIEM, EDR, firewalls, PCAPs, cloud logs, etc.)
    • Current experience working as an L2 analyst in an incident response role
    • Experience with PowerShell, Bash, and/or Python scripting (highly preferred); if no experience here, a willingness to learn
    • Ability to respond to incidents and work them from beginning to end
    • Endpoint or network forensics experience highly preferred
    • Malware analysis experience preferred

    *Although this is a fully remote role, candidates must reside in one of the following states to be considered: KY, OH, NC, FL, SC, or GA