• Work with the managed SOC provider, NOC, IT and business units to triage, investigate and remediate detected security alerts and incidents
• Conduct in-depth investigation of alerts. Perform analysis and correlation of network traffic for OS and application level-alerts
• Tune signals and alerts in collaboration with SOC service provider
• Create new and maintain existing SOC standards, procedures and playbooks
• Responsible for threat monitoring and assists with incident investigation and response.
• Assists with monitoring, threat hunting, tracking, and analyzing networks/systems for potential security violations/anomalies and responding to incidents.
• Analyzes and correlates security logs and event data.
• Collaborates with adjacent IT teams in securing and monitoring network & server infrastructures, applications, filtering appliances, firewalls, and cloud-based services.
• Contributes to the development of security standards, access controls, and compliance requirements of applications, network infrastructure, servers, and workstations.
• Maintains awareness of current and emerging threat landscape.
• Compiles security & compliance metrics.
• Documents and escalates security incidents within specified/assigned systems to ensure timely follow-up and tracking.
• Documents procedures and policies, and trains staff in procedures.

Required Skills and Knowledge:

• Strong understanding of IT Infrastructure components and concepts like networking, server administration, firewalls, access controls, and identity and access management.
• Ability to quickly triage multiple security alerts and assign the right priority based upon risk and confidence levels
• Strong understanding of encryption technologies.
• Knowledge of Identity & Access Management practices, systems, and controls.
• Experience performing security monitoring, alert triage and incident response duties in a SOC environment
• Excellent analytical and problem-solving skills.
• Security automation experience is desired
• Acts with integrity.
• Demonstrate the ability to adjust to changes in customer demands or operational goals.
• Results oriented and can demonstrate a 'can-do' attitude, adaptability, flexibility, and resourcefulness.
• Strong teamwork with peers with a consultative solution approach.
• Strong time management skills and the ability to multi-task.
• Excellent written, oral, and presentation skills.
• Excellent customer services orientation and experience in business-related interactions.
• Ability to work as a self-starter with minimal supervision.
• Ability to provide user support both remotely and in person.
• Desire to learn new skills and technology.
• Flexibility to work some off-hours and on weekends.

​

Basic Qualifications:

• 5+ years work experience in IT related fields.
• 3+ years of cyber security, forensics, incident response, or threat hunting experience
• Experience using risk-based/cybersecurity frameworks, such as NIST, and knowledge of cyber incident management processes.
• Familiarity with Network-, Mobile Devices- and Windows Operating System Risks and Vulnerabilities.
• Cloud security operations, Cisco, and other network and firewall certifications and training a plus.

​

Preferred Qualifications:

• Desired Certifications: CISSP, CCSP, GCIA, GCIH, GPEN or CEH.

Work Conditions:

Office Environment

Some travel (Once per quarter or less).

​

Disclaimer: Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time.