Security Operations Center Analyst - Nashville, United States - Brooksource

    Description
    Managed SOC (MSOC) Analyst

    Summary: MSOC Junior Analysts are responsible for the triage and analysis of cybersecurity alerts for the Client that are directly related to threat detection and threat response activities. They should be able to think critically and adapt in real time to new situations and information.

    Additionally, the MSOC Junior Analyst will serve as part of the Core Team, working directly with cybersecurity analysts and Client team members as well as with the TDR Junior Analysts and TDR Senior Analysts who provide support from the Cybersecurity Center.

    Furthermore, they will collaborate with the MSOC Senior Analyst to identify detection signatures that need tuning and to recommend changes, and to support technology management.


    Qualifications:
    Bachelor's degree in a technical field (Information Systems, Computer Science, or a related discipline preferred). A valid US driver's license; the role works onsite at the Client SOC location in Herndon, VA.

    A minimum of 2 years of experience in cybersecurity intrusion analysis; endpoint monitoring, detection, and response (e.g., as an IT SOC Analyst); operational technology (OT) monitoring, detection, and response (e.g., as an OT SOC Analyst); incident response; computer or network forensics; or a related cybersecurity field.

    Working knowledge of Security Information and Event Management (SIEM) software (e.g., Splunk, Sentinel, or other SIEM platforms). Working knowledge of OT monitoring software (e.g., OTSaAM, Nozomi, or other).

    Working knowledge of Endpoint Detection and Response (EDR) software (e.g., Symantec, CrowdStrike, Tanium, Microsoft Defender for Endpoint and for Office 365, or other EDR platforms).

    Working knowledge of Network Security Monitoring (NSM) software (e.g., ForeScout, Fidelis Network, ExtraHop, or other NSM tools). Working knowledge of security alert triage and analysis methods (e.g., use of correlations, behaviors and patterns, pivoting between related artifacts, enriching alert data with context, and providing remediation recommendations).

    Analyst should also have:

    One or more technical cybersecurity certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), EC-Council Certified Ethical Hacker (CEH), or similar.

    Competence using ticketing and/or asset management software (e.g., ClearAsset, ServiceNow, or other ticketing systems) for incident documentation, problem tracking, and change management.

    Experience with cybersecurity incident response coordination and methods. Experience integrating cyber threat intelligence with security monitoring processes and threat hunting. Knowledge of detection rule logic management (e.g., rule creation, tuning, and lifecycle management methods).

    • Knowledge of cybersecurity frameworks (e.g., MITRE ATT&CK, VERIS, Cyber Kill Chain, Diamond Model, and other frameworks).
    • Knowledge of cloud infrastructures and cloud security monitoring (Azure, AWS, and GCP).
    • Knowledge of network communication concepts, including ports, protocols, and encryption.
    • Knowledge of identity, access, and privileged account monitoring concepts.
    • Proven experience analyzing security events and incidents to determine root cause and provide resolution.

    Working knowledge of, and experience defending against, advanced persistent threats (APTs).


    Skills and attributes needed:

    Ability to communicate effectively, in both technical and non-technical terms, when interacting with the Client, senior leaders, technical subject matter experts (SMEs), support staff, vendors, and business partners.

    Ability to engage with the Client by listening to and understanding their needs. Create and deliver high-quality work products, Client reports, and presentations. Adhere to service quality standards and program management requirements. Work collaboratively in a cross-functional team environment that is culturally diverse and includes geographically dispersed teams.