POSITION TITLE: Cyber Security Operations Center Analyst – Stamford, CT
The Cyber SOC Analyst will manage the end-to-end operational deployment, verification, incident handling and support of our Customers’ global SIEM as a Service solution. This is a technical operational role focused on delivering quality service to our customers.
This is not a remote position. Daily presence in the Stamford, CT Security Operations Center is required.
- Provide operational and technical support to our Customers (note: candidates will receive training on all proprietary tool sets).
- Manage security incident investigation and diagnosis (perform triage on incidents reported by the SIEM tool to filter out false positives and known accepted activities).
- Validate incident containment and remediation recommendations provided to Customers.
- Ensure all unresolvable cases are passed to the correct team for action as appropriate.
- Ensure a high level of quality when managing tickets, requests and Customer queries.
- Execute Customer on-boarding
- Capture requirements and prepare Customer SIEM filter & tuning requests
- Prepare reports & distribute in readiness for Customer tuning calls
- Execute Customer SIEM Portal provisioning
- Arrange & manage client calls (record outputs/actions appropriately)
- Create scheduled Customer reporting, from existing reports, where appropriate
- Maintain technical knowledge, tool proficiency, and system accesses, which allow you to perform the role
- Ensure documentation is maintained appropriately on SharePoint and that new documents are created/stored correctly.
- Engage with Customers to build and maintain good, professional relationships
- Manage operational relationships with all relevant parties (e.g. working with Black Stratus to drive Customer issues and identify solutions).
- Responsible for the application of IT Security Policy, processes and procedures to mitigate risks to our Customers.
- May be required to provide on-call emergency support when needed by the business.
- Qualified to degree level, or equivalent professional experience and/or with recognized technical/security qualifications.
- Relevant experience and understanding of Network Security Systems & Operations
- Understanding of system logging, including both security and non-security logs; must be able to give examples of plaintext vs. binary log formats and identify the benefits/limitations of each.
- General knowledge of Linux/Unix and Microsoft Security Logging Policies (e.g. where they are implemented and why you don’t just log everything)
- General knowledge of network application logs, especially from proxies, Web Application Firewalls, and stateful firewalls (e.g. which fields appear in an application log but not in a stateful firewall log).
- General knowledge of Syslog, SNMP, WMI and the benefits and limitations of each
- Knowledge of Security management, network and information security, and end user security.
- User level experience with UNIX/Linux systems
- Experience supporting one or more services within a Security Operations Center is a plus
- Excellent verbal and written communication skills with the ability to work effectively in a group setting; consistent and proper communication with Customers, management, and the team.
- Ability to partner with teams such as developers, vendors, analysts, and project managers.
Excellent Benefits Package (medical, dental, vision, FSA, paid time off, 401k)