SOC Analyst 1

The purpose of this role is to support the VPLS Security Operations Center (SOC) in their mission by performing security engineering and analysis responsibilities.

Essential Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform the following satisfactorily; other duties may be assigned. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Continuous monitoring of the SOC security ticket queue, including alarms, incidents, and trouble tickets generated by many disparate event log sources, such as firewalls, routers, switches, IDS/IPS, endpoint protection software, Windows and Linux servers, and cloud environments
• Realtime triage and analysis of security tickets following formal VPLS SOC investigation and response procedures, including activities such as:
  • Using a security information and event management (SIEM) tool
  • Assessing if the security alert is a false positive, suspicious, or malicious
  • Notifying relevant parties
  • Remediating or escalating to another member of the team
• Ensuring your assigned tickets are triaged, updated, and closed in accordance to procedure and within SLAs
• Leading assigned security engineering projects, such as new customer product/service onboarding, and ensuring projects are completed within project timeline and budget
• Scheduled, proactive cybersecurity activities
  • Asset discovery scanning and network mapping
  • Vulnerability scanning
• Providing professional and technical written and/or verbal communication to relevant parties in English
• Contributing to the creation and improvement of documentation, such as policies, standards, baselines, guidelines, and procedures

Qualifications:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Bachelor's degree from four-year college or university; or one to two years related experience and/or training; or equivalent combination of education and experience.
• Read, analyze and interpret business, professional, technical or governmental documents. Write reports, business correspondence and procedure manuals. Effectively present information and respond to questions from managers, customers and the public.
• Add, subtract, multiply and divide in all units of measure, using whole numbers, common fractions and decimals. Compute rate, ratio and percent, and draw and interpret bar graphs.
• Solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists. Interpret a variety of instructions furnished in written, oral, diagram, or schedule form.

Computer/Technical Skills:

• A strong understanding of:
  • A SOC’s mission and the SOC Analyst’s role in that mission
  • Cybersecurity fundamentals, including common cybersecurity issues, threats, attacks, and vulnerabilities
  • Log collection and analysis using a SIEM
  • Cyber threat management and incident response
  • Networking fundamentals including the OSI model and specifics of common network protocols
• General knowledge of most of the following, with strong understanding of at least 2 of the following:
  • Linux or Windows systems administration/engineering
  • Network administration/engineering
  • Cloud and virtualization concepts
  • Cryptography and PKI concepts
  • Identity and access management concepts
  • Network security technologies and tools – e.g., next-gen firewalls, IDS/IPS, secure web gateways/proxies, secure email gateways, VPN, NAC
  • Endpoint security technologies and tools – e.g., antivirus/anti-malware, EDR, HIDS, DLP
  • Protocol collection and analysis tools – e.g., tcpdump, Wireshark
  • Cyber threat intelligence and threat modeling
  • Vulnerability management, including vulnerability scanning tools – e.g., Qualys, Nessus, OpenVAS
  • Penetration testing and related tools – e.g., nmap, Metasploit, Burp Suite, John The Ripper
  • Digital forensics
  • Reverse engineering malware
  • Programming, scripting, and automation

Certificates and Licenses:

• CompTIA Security , CySA , or CASP
• Security Blue Team BTL1 - BTL3
• Fortinet NSE4 - NSE8
• AlienVault AVSE
• ISC2 SSCP, CISSP, CISSP-ISSAP, or CISSP-ISSEP
• Palo Alto PCNSE

Vhpiy5rBWs