CSOC Analyst

3 weeks ago


Houston, United States Comtec Information Systems Full time

Title: Senior CSOC Analyst

Location: Little Rock, AR or Houston, TX (Hybrid)

Length: Full time



The Cyber Security Operations Center Analyst is a level 3 position and will be responsible for investigating and responding to security incidents, understanding and mitigating attack vectors, and staying abreast of the evolving threat landscape. The ideal candidate is detail oriented, a problem solver with critical thinking skills, and focused on process improvement.



Responsibilities:

Analyze digital evidence and perform forensic analysis to determine root cause.
Identify and implement automation with SOAR, SIEM, or similar tools to improve capabilities.
Identify problematic trends and take proactive steps to mitigate negative impacts to customer base.
Conduct thorough investigations into security incidents, including but not limited to, malware infections, phishing attempts, and unauthorized access attempts.
Analyze and understand various attack vectors used by threat actors to compromise systems and data.
Monitor and assess the threat landscape to identify emerging threats and vulnerabilities relevant to our environment.
Monitor and participate in training and exercises to ensure CSOC team proficiency.
Participate in post-incident reviews to identify lessons learned and best practices.
Perform network investigations to identify and mitigate potential security risks and intrusions.
Collaborate with cross-functional teams to implement security controls and measures to enhance our overall security posture.
Understand and perform cloud security monitoring and improve maturity posture.
Develop and maintain incident response procedures and playbooks to ensure effective and efficient response to security incidents.
Support the threat hunting team to identify gaps of coverage and make recommendations on use cases for monitoring.
Understand the MITRE ATT&CK Framework, identify TTPs, and identify patterns and threat actors focused on the industry.
Provide timely and accurate reports on security incidents, trends, and metrics to stakeholders and management.
Approximately 20% onsite.



Requirements:

5+ years of cyber security experience across multiple disciplines (incident response, threat hunting, monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering, data analytics, application security, database security, etc.).
3 years of hands-on experience working with Security Information and Event Management (SIEM) tools such as Splunk, and with incident response in a SOC environment with a structured after-hours process.
In-depth knowledge of various attack vectors, threat intelligence sources, and the cybersecurity threat landscape.
Experience with network investigations, intrusion detection systems (IDS), and security information and event management (SIEM) tools.
Strong knowledge of security orchestration, automation, and response (SOAR) systems.
Strong understanding of the MITRE ATT&CK Framework.
Strong understanding of cloud environment security principles and best practices.
Ability to perform computer network attack analysis and collaborate with counterintelligence and law enforcement investigations.
Has experience providing guidance and mentorship to others in cyber threat analysis and operations.
Able to proactively identify possible threats, security gaps and vulnerabilities.
Advanced knowledge of security operations, cyber security monitoring, intrusion detection, and secured networks.
Outstanding problem-solving/decision making ability.
Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms.
Exceptional interpersonal skills, including teamwork, facilitation, and training.
Strong report-writing and communication skills, with the ability to communicate effectively across the organization.
