Security Operations Analyst III

Overview

The Analyst III role serves as a senior escalation point for all SOC technical matters. This role reports directly to a business-vertical specific SOC Team Lead and is a key stakeholder in the maturation of SOC services and processes. Success in this role requires strong technical, collaboration, and organizational skills.

Reports

This position has no direct reports.

Principal Responsibilities

• Lives by the NuHarbor corporate values:
  • Protect our house.
  • Help clients win.
  • Always improve.
• Executes threat hunting and incident response.
• Provides technical direction and mentoring to SOC analyst team members.
• Collaborates on creative and innovative technical solutions in line with Managed Service strategic directives.
• Proactively addresses and manages customer issues to help clients win.
• Assists in developing training criteria to foster excellence within the SOC.
• Maintains current certifications and training to support our clients effectively.

Requirements

• Bachelor's Degree preferred or seven (7) years' working in directly applicable Cybersecurity positions.
• Demonstrated experience with SOC operations, executing security event triaging and tuning.
• Demonstrated experience writing playbooks and support procedures.
• Strong understanding of Incident Response phases and demonstrated experience responding to security incidents.
• Demonstrated experience with Endpoint Detection and Response (EDR) or Security Orchestration Automation and Response (SOAR) solutions.
• Demonstrated experience with scripting in industry standard languages in a manner that supports EDR or SOAR solutions.
• Hold at least one relevant industry certification (GCFA, GCIH, CEH, CISSP, etc.)

Qualifications

• Five (5) or more years in the Information Technology or Cybersecurity field.

• Demonstrated experience with security event triaging and threat hunting executed through both a SIEM and EDR toolset.
• Excellent written and verbal communication skills.
• Technical writing and reporting experience.
• Experience executing initial triaging and response through a SOAR platform.
• Experience with multiple operating systems (Linux, MacOS, Windows), their command lines, processes, and file systems.

• Experience with memory and storage forensics.

• Experience with static and dynamic malware analysis.
• Experience providing recommendations to harden existing security controls.
• Experience identifying gaps within security control architecture.
• Talent for communicating complex topics in an easily digestible manner.
• Experience with data science techniques (clustering, anomaly detection, data normalization, etc.)
• General systems administrator experience a plus.