Job description
Description: The Security Analyst I role is a critical position within the organization.
The primary function of the role will be to provide monitoring of deployed customer environments for security events.
This includes establishing the extent of a threat, the business impact, and advising the most suitable course of action to contain and remedy the event.
A Cybersecurity Technician will serve as an escalation point to the subject matter expert for in-depth cybersecurity events and must be able to communicate effectively to all stakeholders during the event management process.
Responsibilities: · Manage the security event monitoring and incident response ticket queues and triage as appropriate to meet the established service level agreements · Promptly transfer cybersecurity tickets to the client or internal point of contact · Clearly convey indicators of compromise, isolation, and remediation steps · Analyze and interpret system, security, and application logs in order to diagnose faults, spot abnormal behavior, and rule out false positives · Effectively utilize End Detection and Response tools to investigate alerts, anomalies, and build accurate timelines related to possible compromise · Follow established procedures to investigate, escalate, contain, or eradicate malicious activity · Develop and deliver written and oral reports to clients, teammates, and management to aggregate and communicate security information and metrics · Provide input and recommendations to improve internal processes and procedures related to SOC duties and responsibilities · Participate in threat-hunting activities and other special projects as required · Understand and follow, our set of standards and processes that produce a predictable result for the client.
You must be aware of and maintain our standards.
Additional Responsibilities: · Maintain accurate and real-time timesheets, record complete and accurate notes of troubleshooting and communication with clients · Receive mentoring and feedback from peers and others · Where appropriate, escalate complicated issues to a more senior resource or other appropriate teams · Review Tickets with Manager · Actively Participate in Team Huddles, L10 Meetings, One on One Meetings, and any other Team Meetings · Create and update documentation when changes occur, or when discoveries are made · Attend monthly training & team meetings as required · Additional duties as required Qualifications: · Two years work experience in the Information Security or related fields · Two or more current security-related industry certifications · Experience with SIEM platforms, firewall management, and endpoint detection and response platforms · One year or more of experience with EDR solutions, ESGs, vulnerability management, and content filtering · Good problem-solving and decision-making skills; ability to understand and analyze complex issues · Self-motivated, detail-oriented, highly organized, and able to handle a variety of tasks and responsibilities in an efficient manner with a high level of quality · One of the following certifications preferred: CompTIA Security+, CompTIA CySA+, CCNA, C|EH, SSCP, or equivalent
This job post has been translated by AI and may contain minor differences or errors.
