Role Description
The SOC Analyst is responsible for detecting and reporting cybersecurity incidents to clients, and for day-to-day cybersecurity monitoring using the security tools that monitor and secure our clients' business. SOC Analysts are accountable for detecting threats, creating incident tickets, assisting with the response process, assisting the team in developing threat detection and prevention capabilities, and equipping clients to optimize their cybersecurity incident response capabilities.
The SOC Analyst II is also responsible for identifying automation opportunities both for the SOC incident handling and for automated response.
Essential Functions of the Role
- Participate in the daily cybersecurity threat monitoring of Managed Security Services (MSS) clients
- Monitor the SIEM incident queue, perform incident triage and ticketing, and support incidents through to resolution.
- Perform threat analysis on events reported by security technologies supported by MSS.
- Identify indicators of compromise within threat events.
- Identify potential false positives, policy violations, intrusion attempts, and compromises.
- Enrich security events with intelligence from multiple technologies, open-source intelligence sources, and knowledge of the client environment.
- Document problems and resolution for future reference.
- Support customer service requests as needed.
- Support Microsoft Security Stack Incidents and take response actions as needed.
- Other duties as assigned.
Preferred Skills
- Proficient in triaging security incidents in a SIEM platform (Microsoft Sentinel).
- Proficient in Endpoint Detection & Response technologies (M365 Defender).
- Proficient in using KQL for performing incident analysis.
- Knowledge of ServiceNow ticketing system preferred.
- Ability to document problems and resolution for future reference.
- Strong written communication skills.
- Participate with other teams in a collaborative effort to support security operations.
- Stay up to date on the latest tools and technologies that deliver value to clients and perform
- Participate in new security operations initiatives.
Preferred Attributes
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related experience.
- Position requires 2-5 years hands-on experience within a Security Operations Center.
- Working knowledge of scripting and query languages (preferably KQL).
- Experience with Microsoft Sentinel, M365 Defender, Secureworks Taegis, and ServiceNow.
- Experience with cloud-based services (Azure).
- Strong analytical abilities and professional communication skills.
- Excellent troubleshooting skills needed.
- Must be able to respond effectively to inquiries or complaints in a timely fashion.