Job Category
IT
Location
Irvine, CA
Salary Range
$100,000.00 - $130,000.00
General Position Summary
This position is responsible for providing advanced-level security monitoring services to client companies by collecting security events from security devices, network devices, and computers in the customer's network into the security monitoring system hosted in a data center. This senior role is also accountable for performing threat hunting and for supporting analysts who investigate alerts with EDR.

Essential Job Functions
PRIMARY RESPONSIBILITIES
  • Provide 24x7 monitoring and analysis of SIEM events to identify potential security risks and vulnerabilities.
    • Coordinate and collaborate with others for the investigation, remediation, and implementation of preventative measures for cybersecurity events and incidents.
    • Manage escalations received from Tier I SOC Analysts.
    • Triage and investigate events to identify security incidents.
    • Provide detailed analysis of security events and investigations.
    • Recommend actions to customers for cybersecurity events and incidents.
    • Log security incidents in the case management system, managing security incidents throughout their lifecycle to closure.
  • Proactively perform threat-hunting to discover undetected threats and enhance the SOC detection capability.
    • Utilize advanced threat-hunting techniques, tools, threat intelligence sources and procedures to analyze events and identify threats.
    • Develop rules and procedures to detect the threats discovered with threat-hunting to enhance the SOC detection capability.
    • Act as EDR subject matter expert.
  • Provide technical support for the SOC services and security products that the company delivers.
OTHER & MISCELLANEOUS
  • Provide coaching and training to Tier I SOC Analysts and support the development of documentation for them.
  • Manage stakeholders’ expectations and relationships in pre-sales and post-sales activities including onsite visits.
  • Provide routine reporting to customers.
  • Continually seek more efficient and less expensive ways of carrying out work processes.
  • Perform maintenance and enhancement of the SOC service such as maintenance and enhancement of SIEM contents, SOC documents, SOC tools, and SOC infrastructure.
  • Perform special projects and other miscellaneous duties as assigned by management, including supporting ad-hoc data and investigation requests.
  • Report all irregular issues and problems to management for resolution.
  • Maintain high ethical standards in the workplace.
  • Maintain good communication with management, office staff members, and outside contacts.
  • Comply with all company policies and procedures, including maintaining a clean and safe working area.
Qualifications
Education & Work Experience
  • At least 4 years of experience as a SOC analyst, including event triage and incident management.
  • Prior experience with SIEM tuning and administration.
  • Relevant cybersecurity experience including SIEM operations, forensic acquisition and analysis of evidence, event management, and incident management.
  • Demonstrated experience with leading incident response calls, meetings, and activities by providing direction to other team members and partner vendors.
  • Ability to multitask, including answering multiple calls, prioritizing emails, instant messaging/chat environments, and ticket-related communications. Prior experience working in a fast-paced environment, with the ability to manage workloads when handling incident responses with competing priorities.
  • Bachelor’s degree in a relevant field of study (e.g. Cybersecurity, Information Systems, Computer Science, Security & Risk Management, etc.). Master’s Degree preferred.
  • Previous experience in incident investigation utilizing EDR tools.
  • Advanced knowledge and strong interest in cybersecurity (attack methods, malware techniques, etc.).
  • Fluent in English, both written and verbal, with excellent oral and written communication skills.
  • Experience with reporting tools.
Tools & Equipment
  • Software includes the Windows operating system and MS Office.
  • General office equipment including phones, fax, copier, personal computer, printer, scanner, etc.
Certificates/Licenses
  • CISSP or GIAC 50X or above (required)
  • MCSE, MCP, CCNA, Security+ preferred