The primary role of a Security Analyst (L1) is the detailed and repeatable execution of all operational tasks as documented in processes and subordinate procedures. Specifically, these analysts will be responsible for monitoring the SIEM tools for security events and closing or escalating those events as necessary. Security Analysts maintain the group email address and distribution lists, answer the main phone lines, and update all relevant documentation such as shift logs and tickets. Additionally, assist the MDR Analyst in an incident workflow and assist the MDR team in incident detection, remediation and communicate with external teams in proper incident resolution.
Required Technical skills:
- Experience with SIEM tools (Sentinel, Splunk, Logrhythm, etc.).
- Experience in Azure Sentinel.
- Familiarity with common IDS/IPS and Firewalls (Snort, Cisco, Fortigate, Sourcefire) .
- Familiarity with incident response process and activities.
- Familiarity with TCP/IP protocol, OSI Seven Layer Model.
- Knowledge of Windows, Unix-based systems, architectures, and network security devices.
- Intermediate level of knowledge of LAN and WAN technologies.
- Must have a solid understanding of information technology, information security domains.
- Knowledge of security best practices and concepts.
- Desired certifications: Security+, C|EH, Network+, Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Certified Incident Handler, or GIAC Reverse Engineering Malware.
- Familiarity with ticketing tool / ITSM tool.
- Personal drive, positive work ethic to deliver results within tight deadlines and in demanding situations.
Qualifications:
- Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field.
- Minimum of 12 months of prior MDR/SOC/Incident response experience.
- Demonstrated technical knowledge of current network security, network hardware, protocols, and standards required.
- Shall have demonstrated professional experience in incident detection and response, malware analysis, or cyber forensics.
- Act as a workstream participant to support tier-1, tier-2, or tier-3 SOC environments.
- Demonstrated strong oral and written communication and client facing skills.
- Demonstrated strong analytical and communications skills.
- Flexibility to adapt to different types of engagement, working hours, work environments, and locations.
- Proven ability to work creatively, analytically in a problem-solving environment.
- Ability to work nights, weekends, and/or holidays in the event of an incident response emergency.
- Be comfortable working against deadlines in a fast-paced environment.
- Identify issues, opportunities for improvement, and communicate them to an appropriate senior member.
