Job Details

ID #2893030
State: Michigan
City: Detroit metro
Full-time
Salary: USD TBD TBD
Source: Michigan
Showed: 2019-11-21
Date: 2019-11-19
Deadline: 2020-01-18
Category: Security

Security SOC Analyst - Mid Level (Troy)

Detroit metro, Michigan 00000, USA

Vacancy expired!

The Tier 2 SOC Analyst supports a 24x7x365 Security Operations Center, monitoring security tools and assessing threats and risks to client infrastructure. This position provides investigative support to SOC Tier 1 analysts in response to security incidents for managed security services customers. The Tier 2 SOC Analyst also provides firewall change management and change control services. The role follows standard operating procedures for detecting, classifying, and reporting incidents under the supervision of the SOC Manager and in partnership with Tier 1 SOC Analysts. This position requires shift work outside of normal business hours (8 am to 5 pm), including nights and weekends.

An experienced Tier 2 SOC Analyst will have the ability to use commercial and open source tools to quickly analyze, detect, and respond to cybersecurity incidents. Candidates must be able to learn new concepts and development methodologies quickly and to interact with other teams on time-sensitive incidents.

Reports To:

Works under the supervision of the Manager, Security Operations Center.

Direct Reports:

None.

Services We Provide:

We are 100% focused on security: Managed threat detection, response and compliance services

Our Differentiated Solution:

We orchestrate best-of-breed security solutions into a comprehensive security platform by enabling companies to navigate complex regulatory and compliance requirements with a security-centric approach.

Our Employees:

TECH LOCK employees are the fuel for the engine powering our growth and innovation. TECH LOCK is defined by our culture, one that rewards innovation and teamwork. If you're looking for exciting challenges and rapid career growth, TECH LOCK will be your path to success. We encourage our people to be bold and solve the problems that keep our customers secure. Our teams work together to solve complex security challenges in a fun atmosphere that values empowerment, ownership, excellence and integrity while striving to achieve 100% customer satisfaction.

Our Customers:

TECH LOCK CARES about our customers. We have specific expertise in the Financial Services, Healthcare, Hospitality, Retail and Manufacturing industry segments.

Essential Duties and Responsibilities:

Works with other SOC team members to monitor and triage cybersecurity events

Analyze security threats for managed services customer networks and endpoints

Provide advice and guidance on incident handling and proper escalation internally and with clients

Provide teaching / mentoring to SOC Tier 1 Analysts

Document security incident use cases, develop and update procedures as part of SOC run book

Process incident communications including initial reporting, follow-ups, requests for information and resolution activity

Process change requests for managed firewall / unified threat management (UTM) customers

Provide remote support to customers for incident response

Install / Configure Security Tools

Monitor health of security sensors/endpoints

Perform threat hunting based on emerging IOCs or Vulnerabilities

Work with customers to verify and document their technology architecture, asset inventory, known weaknesses, the architecture of the security solutions used for monitoring, imminent and pervasive threats as identified by client threat intelligence, and recent security incidents

Other Duties:

Remain engaged with technical forums and user groups

Other relevant tasks as directed by department leadership

Embrace the Company Values:

Empowered To Act

Committed to Excellence

Own It

Do The Right Thing

Earn Trust

Desired Minimum Qualifications:

Education and Experience:

Graduation from an accredited four-year college or university in a technical / engineering discipline

Three (3) years of experience in cybersecurity and/or information technology (IT) security

Two (2) years of SOC environment experience, including security engineering and monitoring experience, is required.

Knowledge of security incident and event management, log analysis, network traffic analysis, malware investigation/remediation, SIEM correlation logic and alert generation

Demonstrated ability to analyze, triage and remediate security incidents

Understanding of Security principles, techniques and technologies such as SANS Top 20 Critical Security Controls and OWASP Top 10

Moderate knowledge of networking fundamentals and security related technologies (TCP/IP, Network Layers, Firewalls, IDS/IPS, WAF)

Basic knowledge of audit requirements (PCI, HIPAA, HITRUST)

Any equivalent combination of education and experience will be considered.

Required Skills and Abilities:

Excellent verbal and written communication skills required.

Experience in troubleshooting in a technical environment.

Excellent analytical and problem-solving skills.

Software and hardware knowledge of computing, storage, networking, and peripheral devices.

Proficiency with case management and ticketing systems

Superior customer service skills

Phone and remote support experience, knowledge and resolution ability required

Desirable certifications include:

o Certified Incident Handler (GCIH)

o Certified Intrusion Analyst (GIAC)

o Certified Ethical Hacker (CEH)

o Certified Expert Penetration Tester (CEPT)

o Certified Information Systems Security Professional (CISSP)

o Networking Certifications (CCNA, etc.)

o Platform Certifications (Microsoft, Linux, Solaris, etc.)

Active security clearance is a plus but not required

Special Requirements:

This position may require occasional travel for training and meetings. Projected <5%.

Tools and Equipment Used:

Personal computer, including word-processing, database and spreadsheet programs; calculator, telephone, copy and fax machine, Microsoft Office and Visio applications, and specialized security tools.

Physical Demands:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Percentage of time sitting at desk, typing on keyboard, viewing computer monitor: 70% to 80%.

While performing the duties of this job, the employee is frequently required to sit and talk or hear. The employee is occasionally required to walk; use hands to finger, handle, or feel objects, tools, or controls; and reach with hands and arms.

The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision and the ability to adjust focus.
