Our client in Irvine, California is seeking a Sr. SOC Analyst with a Developer, Threat Hunter, or Systems Admin background.
This position is responsible for providing advanced-level security monitoring services to client companies by gathering security events from security devices, network devices and computers in customer network to security monitoring system in a data center. This senior role is also accountable for developing SIEM contents and tools to enhance the SOC capabilities.
PRIMARY RESPONSIBILITIES
• Provide 24×7 monitoring and analysis of SIEM events to identify potential security risks and vulnerabilities.
o Coordinate and collaborate with others for the investigation, remediation, and implementation of preventative measures for cybersecurity events and incidents.
o Manage escalations received from Tier I SOC Analysts.
o Triage and investigate events to identify security incidents.
o Provide detailed analysis of security events and investigations.
o Recommend actions to customers for cybersecurity events and incidents.
o Log security incidents in the case management system, managing security incidents throughout their lifecycle to closure.
• Develop SIEM contents and other programs to enhance the SOC efficiency and detection capability.
o Enhance existing programs, troubleshooting as necessary.
o Develop SIEM contents such as rules, reports, etc.
o Develop integration programs such as log collection scripts, remediation scripts, etc.
• Serve as a subject matter expert in at least one security-related area (e.g. a specific security solution, Windows, etc.).
• Provide technical support for the SOC services and security products that client delivers.
OTHER & MISCELLANEOUS
• Provide coaching, training, and support development of documentation for Tier I SOC Analysts.
• Manage stakeholders’ expectations and relationships in pre-sales and post-sales activities, including onsite visits.
• Provide routine reporting to customers.
• Seek constant improvement and more efficient, less expensive ways and means in work processes.
• Perform maintenance and enhancement of the SOC service, including maintenance and enhancement of SIEM contents, SOC documents, SOC tools, and SOC infrastructure.
• Perform special projects and other miscellaneous duties as assigned by management, including supporting ad-hoc data and investigation requests.
• Report all irregular issues and problems to management for resolution.
• Maintain high ethical standards in the workplace.
• Maintain good communication with management, office staff members, and outside contacts.
• Comply with all company policies and procedures, including maintaining a clean and safe working area.
Qualifications (if developer)
Education & Work Experience
• At least 4 years of experience as a SOC analyst, including event triage and incident management.
• Prior experience with SIEM tuning and administration.
• Proficiency in popular coding languages, including Python, Java and C++, and their frameworks.
• Relevant cybersecurity experience including SIEM operations, forensic acquisition and analysis of evidence, event management, and incident management.
• Demonstrated experience with leading incident response calls, meetings, and activities by providing direction to other team members and partner vendors.
• Ability to multitask, including answering multiple calls, prioritizing emails, instant messaging/chat environments, and ticket-related communications. Prior experience working in a fast-paced environment with the ability to manage workloads when handling incident responses with competing priorities.
Qualifications (If Threat Hunter)
Education & Work Experience
• At least 4 years of experience as a SOC analyst, including event triage and incident management.
• Prior experience with SIEM tuning and administration.
• Relevant cybersecurity experience including SIEM operations, forensic acquisition and analysis of evidence, event management, and incident management.
• Demonstrated experience with leading incident response calls, meetings, and activities by providing direction to other team members and partner vendors.
• Ability to multitask, including answering multiple calls, prioritizing emails, instant messaging/chat environments, and ticket-related communications. Prior experience working in a fast-paced environment with the ability to manage workloads when handling incident responses with competing priorities.
• Bachelor’s degree in a relevant field of study (e.g. Cybersecurity, Information Systems, Computer Science, Security & Risk Management, etc.). Master’s Degree preferred.
• Previous experience in incident investigation utilizing EDR tools.
• Advanced knowledge and strong interest in cybersecurity (attack methods, malware techniques, etc.).
• Fluent in English, both written and verbal, with excellent oral and written communication skills.
• Experience with reporting tools.
Qualifications (if System Admin)
Education & Work Experience
• At least 4 years of experience as a SOC analyst, including event triage and incident management.
• Prior experience with SIEM tuning and administration.
• Proven experience as a System Administrator, Network Administrator or similar role.
• Relevant cybersecurity experience including SIEM operations, forensic acquisition and analysis of evidence, event management, and incident management.
• Demonstrated experience with leading incident response calls, meetings, and activities by providing direction to other team members and partner vendors.
• Ability to multitask, including answering multiple calls, prioritizing emails, instant messaging/chat environments, and ticket-related communications. Prior experience working in a fast-paced environment with the ability to manage workloads when handling incident responses with competing priorities.
• Bachelor’s degree in a relevant field of study (e.g. Cybersecurity, Information Systems, Computer Science, Security & Risk Management, etc.). Master’s Degree preferred.
• Previous experience in incident investigation utilizing EDR tools.
• Advanced knowledge and strong interest in cybersecurity (attack methods, malware techniques, etc.).
• Fluent in English, both written and verbal, with excellent oral and written communication skills.
• Experience with reporting tools.
Tools & Equipment
• Software includes the use of the Windows operating system and MS Office.
• General office equipment including phones, fax, copier, personal computer, printer, scanner, etc.
Certificates/Licenses
• CISSP or GIAC 50X or above (required)
• MCSE, MCP, CCNA, Security+ preferred