About the role: The Senior SOC Analyst is an integral part of our Security Operations Centre (SOC) team ensuring the organization's and its customer's IT infrastructure is protected against threats and vulnerabilities. You'll be assisting with overseeing the security operations center, managing security incidents, monitoring and analyzing security events, and leading a team of SOC analysts. We'll look to you to perform the critical job of monitoring and responding to security events from various SOC entry channels (SIEM, EDR, Tickets, Email, Phone) based on the severity and ensure playbooks are executed and appropriate investigative processes are followed.
You will also assist with managing and tuning various technology products such as SIEM, EDR, WAF and IDS/IPS policies. Leveraging your expertise, you will also provide continual service improvement by creating and updating security processes and incident response playbooks.
Responsibilities: Monitor and analyze security alerts and participate in security incident management and response. Participate in evaluating, recommending, implementing, responding, and troubleshooting security solutions. Perform tuning and optimization of security systems (SIEM, EDR, SOAR, WAF, IDS/IPS). Follow ITIL practices regarding incident, problem, and change management. Create and maintain build documents, security procedures, and processes including incident management and incident response playbooks. Stay up-to-date with emerging security threats including applicable security requirements. Review and analyze identified threats, risks, and findings generated from vulnerability analysis tools and work with stakeholders to mitigate vulnerabilities. Act as first responder or escalation point, depending on incident severity, following incident response playbooks. Periodically expected to work off-hours to support deployments, system upgrades, and respond to security events. Conduct threat hunting activities to proactively identify potential threats. Integrate threat intelligence feeds into security monitoring tools to enhance threat detection. Stay updated on the latest threat landscape, tactics, techniques, and procedures (TTPs) of adversaries. Requirements: Bachelor's Degree / Diploma in a relevant area of study with a preference for Information Security, Computer Science or Computer Engineering or equivalent experience. Requires 6 to 8 years of relevant previous experience working in a Security Operations Centre and conducting security investigations. Strong knowledge of security incident management, malware management, and vulnerability management processes. Solid understanding of IT, including multiple operating systems and system administration skills (Windows, Linux). Basic understanding of public (AWS, GCP, Azure) and private (VMWare) cloud. Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP. Previous experience with security technologies such as SIEM, EDR/XDR, SOAR, IDS/IPS, WAF, NextGen Firewalls. Analytical thinker who is able to assess circumstances and determine appropriate course of action based on urgency. Ability to adapt quickly to an ever-changing, dynamic Security and IT industry. Team player who can also work independently with minimal supervision. Professional verbal and written communication skills - capable of contributing to Knowledge Management. Polite, respectful to others, professional. Nice-to-have: Familiarity with a scripting language (e.g., Python), REST APIs, JSON. Information Security professional designations such as MCSE, RHCP, CISSP, Security+, Network+. What's in it for you: Private medical and life insurance from day one. Employee Stock Purchase Plan ESPP. Budget for professional growth (certifications). Schedule flexibility. Extra bonus based on performance.
#J-18808-Ljbffr