Security Operations Centre (SOC) Analyst Level 1 at Derivco

As a Security Operations Centre (SOC) Analyst you will be responsible to provide dedicated “eyes on glass” monitoring and analysis capability for SOC operations. You will also conduct analysis of security events to include validation, escalation and reporting of events of interest based on the guidelines and event handlers provided. The SOC Analyst will be responsible for the all such events of interest and will make sure they are continuously monitored and reviewed.

Key Responsibilities:

General

• Monitoring and analysis of cyber security events
• Services monitored will include, but are not limited to SIEM, IDS/IPS, Firewall, Web Application Firewalls, Data Loss Prevention (DLP), DAM, ePO
• Security Event Correlation and Reporting to appropriate Tier 2 Security Analyst or Incident Response staff or relevant sources to determine increased risk to the business
• Recognize potential; successful; and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
• Monitoring that all Security tools are working properly
• Check external feedback from other teams on a daily basis and apply the results effectively
• Get feedback from the shift team on a weekly basis and assist where possible to address points of frustration

Monitoring Management

• Updates inaccurate and add missing knowledge base documents where required
• Handles escalations effectively, ensuring a minimal number of duplicate escalations created
• When acknowledging alerts, ensures alerts are closed at the end of every shift
• Monitors alerts and incidents diligently by actioning them in a timeous manner
• Investigates alerts using the systems provided and adds investigation details to escalated incident descriptions
• Reports back on identified trends that may be forming and/or proactive actions taken to reduce spam
• Ensures all tasks/incidents are assigned to the correct support teams
• IT Operations Centre ­Support Engineer: Behavioral Outputs

Security Focus

• Engineer needs to have a Security perspective on all work being done, keeping the 3 principals, Confidentiality, Integrity and Availability in mind.

Contributes to Team Success

• Demonstrates personal commitment to the team.
• Listens and fully involves others in team decisions and actions.
• Shares important or relevant information with the team.
• Values and uses individual differences and talents.
• Actively participates as a member of a team to move the team toward the completion of team goals.

Displays Company Values

• Operates with integrity, through honesty and keeping of commitments, to demonstrate care.
• Remains open to ideas, listens to others and objectively considers others ideas and opinions even when they may conflict with their own.
• Supports others by treating them with dignity, respect, and fairness.
• Takes independent action by suggesting new ideas or potential solutions to problems.
• Accepts responsibility for outcomes, whether positive or negative, and is willing to admit mistakes and refocus efforts.
• Demonstrates passion by taking immediate action when confronted by a problem or made aware of a situation.
• Takes ownership for quality by dedicating the required time and energy to assignments and making sure no aspect of the work is neglected

Ownership

• Takes ownership for quality by dedicating the required time and energy to assignments and making sure no aspect of the work is neglected.
• Makes sure all tasks undertaken are seen to completion in a professional and courteous manner.
• Ensures all systems used are always working correctly.

Requirements and Skills:

• Security Operations Center (SOC) environment experience with at least 1 years of IT to include 1+ years of related SOC and incident monitoring experience a MUST
• Experience with SIEM, IDS/IPS, Firewall, Web Application Firewalls, Data Loss Prevention (DLP) and Security Event Correlation
• Excellent analytical and problem-solving skills
• Experience with technical writing
• Possess an understanding of security standards and risk management
• Have excellent written and verbal communication skills
• Possess the ability to adjust and adapt to changing priorities in a dynamic environment
• Be able to multi-task and be pro-active in addressing issues and requests
• Possess technical acumen and the ability to understand and interpret technical specifications