Overview
As an entry-level SOC Analyst and Incident Responder, you are responsible for alerts from the SIEM and EDR tools deployed at 7 Layer Solutions’ clients, from triage through to closure. You escalate alerts to the Managed Services teams and work with them to investigate and close them. You are the main point of contact for incident response, threat hunting, and threat intelligence, and you build the process for communicating new security threats to 7 Layer Solutions’ clients.
Duties include:
• Assist in establishing a mature and optimized Security Operations Center discipline to support managed security services, focused on client-facing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) engagements
• Validate security alerts and ensure appropriate action is taken to mitigate them
• Analyze and respond to security threats from Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Endpoint Detection and Response (EDR), Network Detection and Response (NDR), Email Security, Cloud Security, and other security threat data sources
• Respond to clients in a timely manner (within documented SLA) with thorough and concise analysis and recommended actions
• Collaborate with 7 Layer Solutions and client technical leads and Subject Matter Experts related to security event monitoring and security incident escalation
• Operate cybersecurity incident response technologies, including network logging, SIEM tools, security analytics platforms, and log search technologies
• Collaborate and serve as liaison to key security vendor solution partners
• Produce data analyses, statistics, and visualizations
• Perform threat and vulnerability management monitoring and provide remediation guidance
• Develop standard operating procedures and playbooks to improve cybersecurity monitoring and incident response
• Review reports provided by internal security tools and external MDR partners and ensure all concerns are addressed and communicated
• Provide cybersecurity recommendations on new technologies or how to address risks
• Handle client on-boarding and the configuration of phishing-simulation and training campaigns and dark web monitoring tools
• Responsible for tuning the SIEM and EDR systems with the vendors
Minimum Requirements
• Experience with Incident Response and Threat Hunting
• Experience with Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) technologies
• Scripting or programming skills (Perl, Python, PowerShell, etc.)
• Experience with Windows, macOS, Linux, iOS, and network operating systems
• Core SOC/incident response skills, including security event review, log analysis, host analysis, email analysis, and network analysis
• Practical experience with TCP/IP networking
• Critical thinking and problem-solving skills
• Passion for information security
• Strong business acumen including written and verbal communication skills
• Presentation and public speaking abilities
• Project management skills
• Strong interpersonal and organization skills
• Ability to operate as part of a team and/or independently while demonstrating flexibility to changing requirements
Qualifications
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed are representative of the knowledge, skill, and ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.
• Bachelor’s degree or higher in IT-relevant discipline (Preferred)
• Experience with Cloud Security configuration best practices
• Working knowledge of information security best practices, audit frameworks and, ideally, privacy laws (e.g., familiarity with the ISO 27000 series, SANS, NIST, OWASP Top 10, COBIT, CIS Top 20, CCPA, GDPR)
• Possession or active pursuit of certifications such as CompTIA Security+, EC-Council Certified Incident Handler (ECIH) or Certified Ethical Hacker (CEH), and ISC2 Certified in Cybersecurity (CC) is highly preferred
• Foundational knowledge of computer networking, operating systems (both Windows and Unix-based), and virtualization (cloud and on-premises)
• Ability to build effective relationships with stakeholders and colleagues
Physical Demands
While performing the duties of this job, the employee is regularly required to talk, hear, and see. The employee may be required to sit for long periods of time and may spend a significant amount of time on a computer. The employee will occasionally lift, push, or move up to 10 pounds.
Work Environment
The noise level in the work environment is usually moderate.