Cyber Security Operations Center (CSOC) Analyst – Tier 3
Job Description:
- Understand that as the Tier 3 (highest level) engineer, you’re expected to handle potential incidents and act as the subject matter expert for all security-related tickets that come into the team's various queues (including triage, containment, and remediation when necessary).
- Receive incident escalations from Tier 1 and 2 analysts, assisting with real-time advanced analysis, response, and reporting.
- Mentor and assist in training Tier 1 and 2 analysts to aid in their skills development and analytical capabilities.
- Proactively hunt for threats and enact identification, containment, and eradication measures while supporting recovery efforts.
- Serve as a point person for coordination with appropriate parties during a security incident – client, management, legal, security, operations, etc.
- Create thorough reports and documentation of all incidents and procedures, presenting findings to team and leadership on a routine basis.
- Incident Response: remote remediation when possible and working with onsite teams when necessary.
- Detailed documentation of events and remediation steps taken.
- Root Cause Analysis: initiation and follow-through to ensure quality forensic materials are captured, writing reports with details and timelines of events with recommendations to avoid future occurrences.
- Assist in the general maintenance and improvement of procedures, processes and playbooks.
- Conduct research regarding the latest methods, tools, and trends in digital forensics analysis.
- Conduct analysis using logs, previous alerts, etc. to identify trends and to prevent potential incidents.
- Follow standard operating procedures (SOPs) to ensure tickets are triaged appropriately and in a timely manner, according to SLAs.
- Excel at documentation and detailed notetaking, including SOP writing, incident reporting, e-mail and instant messaging etiquette, and most importantly, documenting incident actions in tickets.
- This role is responsible for completing incident reports and forensic reports, when appropriate, so competent writing skills are necessary.
- Ability to know when to appropriately escalate a potential issue to peers and/or leadership.
- Desire to learn new concepts and technologies to grow and take on more responsibility over time.
- Ability to communicate risk, prioritize incident response actions, and keep a cool head under pressure.
- Advanced experience with security tools like Splunk, CrowdStrike EDR, Carbon Black EDR, Proofpoint tools, Microsoft Defender components, Cyberhaven DLP, Axiom Cyber and open-source forensic tools, Cylance Protect, Office 365 tools, PowerShell, and various network tools, etc.
- Understanding the various stages of incident response, the importance and critical factors of an investigation, and how to contain as soon as possible.
- Have experience with the incident response lifecycle, the Lockheed Martin Cyber Kill Chain, the MITRE framework, and the forensic workflows as outlined by NIST.
- Work with development teams to ensure they're using best practices and company processes in their daily activities.
- Drive self-organization; help determine how the team functions in collaboration with your peers.
- Build strong relationships with cross-functional team members between the three tiers of the CSOC.
- Participate in off-hours on-call incident handler rotation, which is a requirement for this role, as incidents may be escalated outside of normal business hours by our 24/7/365 Tier 2 team. Tier 3 teammates rotate on-call responsibilities, which requires each teammate to be formally on-call roughly one week a month.
Requirements:
- Bachelor's degree or higher in cyber security, computer science, or related field.
- 6-10 years of cyber security experience, including at least five years in an incident response role.
- Completion of the GIAC Certified Incident Handler (GCIH), GIAC Security Operations Certified (GSOC), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), or equivalent.
- Experience with endpoint detection and response (EDR) solutions, including a fundamental understanding of memory processes and memory management practices for Windows, macOS, and Linux systems.
- Information Security familiarity and training, including areas such as incident response, computer forensics (host and network-based), malware analysis, risk assessment, vulnerability testing, penetration testing, and insider threat investigations.
- Experience participating in penetration tests, purple team exercises, and threat hunts, including remediation.
- Experience in distributed systems and cloud-based architecture including Amazon AWS, Microsoft Azure, and the native security tools available in these environments (Data Explorer, GuardDuty, Log Analytics, etc.).
- Experience with detection engineering for endpoint detection and response (EDR) solutions, Security Information and Event Management (SIEM) solutions such as Splunk and