IT Security SOC Analyst
POSITION DESCRIPTION :
The SOC Analysts work collaboratively to detect and respond to information security incidents, maintain and follow procedures for security event alerting, and participate in security incident investigations.
The SOC analyst is responsible for investigating security events by performing the following :
The SOC Analyst’s primary responsibility is to determine what alerts or abnormal activity represents a real threat to Citco assets and data, by performing threat identification, containment, eradication, analysis and reporting.
The SOC Analyst achieves this by working with threat protection solutions like :
Security Incident and Event Management (SIEM)
Endpoint Protection (EPP)
Endpoint Detection & Response (EDR) systems
Email Threat Protection (ETP) platforms
Security Orchestration, Automation and Response (SOAR) platform
Intrusion Prevention Systems (IPS) or Next-Generation Firewalls (NGFWs)
The SOC Analyst is expected to understand fundamental networking and security principles as well as be familiar with common network and endpoint security threat protection solutions.
A strong candidate will have a proven understanding of current cyber threats, threat intelligence and an understanding of attack trends relevant to an enterprise environment.
Security Analysts work with and learn from experienced security team leaders and use the latest technology to detect, analyze and limit intrusions and security events.
Candidates must be willing to work in a 24x7x365 SOC environment, demonstrate intuitive problem solving skills and allow for flexible scheduling.
The SOC Analyst must be competent to work at a high technical level, have a good understanding of threat routes / pathways, identification of potential / active threats, and understand how threat vectors can impact the environment.
ORGANIZATIONAL RELATIONS :
This position is within the IT Security group which is responsible for overseeing information security within Citco.
PRINCIPAL ACCOUNTABILITIES :
Monitors and analyzes Intrusion Prevention Systems (IPS) and Security Information and Event Management (SIEM) to identify security issues for remediation
Performs network and endpoint security monitoring and incident response
Maintains records of security monitoring and incident response activities, utilizing case management and ticketing technologies
Creates, modifies, and updates Security Information Event Management (SIEM) rules
Escalates alerts regarding intrusions and compromises to the network infrastructure, applications and operating systems.
Assists with analysis of threat data obtained from proprietary and open source resources to provide indication and warnings of impending attacks against networks within the relevant vertical
Prepares briefings for SOC Manager and reports of analysis methodology and results
Creates and maintains standard operating procedures and other similar documentation
Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty
Works independently with or without direction and / or supervision
Demonstrates effective teamwork and working relationships with others, both from Citco and security vendors
Other projects and responsibilities, as assigned by direct supervisor
EDUCATION, EXPERIENCE & SKILLS :
2 to 4 years' experience in an in-house Security Operations Center team, or in a Security Consulting firm, with an understanding of networking principles in a global environment across multiple data centers
Candidates must be able to work a flexible schedule within a 24x7x365 Security Operations Center (SOC) environment, and may be expected to work holidays.
A strong candidate is expected to have some or all of the following traits :
Excellent analytical and problem solving skills, and interpersonal skills to interact with team members and upper management
An understanding of cyber security incident response and network security monitoring
Fundamental understanding of computer networking (TCP / IP), knowledge of Windows, Linux and Cisco operating systems, and information security principles
Knowledge of Intrusion Detection / Prevention Systems (IDS / IPS) and SIEM technologies in an enterprise environment
Good knowledge of Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) solutions
Familiarity with Sysinternals tools
Drive to learn, and a desire and motivation to achieve IT security related certifications
WHAT WE OFFER :
We offer a challenging job in a growing international company, an opportunity to expand your business knowledge by working with prestigious clients and complex financial and technological instruments, and a friendly and fast-paced environment.
Additionally, Citco is proud to offer our employees competitive compensation, vacation and health insurance benefits.