Location : Evanston, IL
Job Type : Direct
Hours : Full Time
Required Years of Experience : 2+
Required Education : Bachelor's
Travel : No
Relocation : No
Job Description :
The Security Operations Center is organized as a team of analysts and engineers with end-to-end responsibility for our MSSP services. The SOC Analyst role is responsible for triaging security events and performing analysis on workstations, servers, mobile devices, cloud platforms, and network infrastructure; assisting with incident response; and researching attacker tactics to translate that knowledge into detection analytics. The ideal candidate should have experience with, and be able to demonstrate, situational security awareness by pulling together information from a variety of systems and normalizing and correlating it. This individual will be required to understand and navigate a variety of IDS, SIEM, and network/endpoint threat detection and response platforms, and to make effective use of the applications needed for their daily responsibilities, including a ticketing system, an internal knowledge base, etc. Experience with scripting languages such as Python or PowerShell will be used to develop and enhance internal processes, automated systems, and investigation tools. Additional requirements for this individual include the ability to multitask effectively in a fast-paced environment while staying extremely organized for client and activity follow-up.
Essential Duties and Responsibilities :
- Analyze and process alarms
- Hunt for attackers using available data and tools
- Assist in developing detection analytics
- Stay updated on adversarial tactics, techniques, and procedures
- Continually evaluate and deepen understanding of networking and security fundamentals and of the administration of Windows, Unix/Linux, Macintosh, and network infrastructure devices
- Collaborate with Sysadmins and Engineers to assist in the design, evaluation, and implementation of new security technologies for our clients
- Collaborate with our internal Account Management Teams, internal Sysadmin Teams, and Client Teams when assisting with incident response
- Help improve, develop, implement, and maintain SOC policies, processes, and procedures
Required Qualifications :
- 2+ years of experience working in a SOC or incident response environment
- 2+ years of experience with:
  - Network traffic tools, techniques, and analysis
  - Host forensics tools, techniques, and analysis
  - IDS and IPS technologies, both signature- and behavior-based
  - SIEM technologies and/or Windows event log analysis
  - Working out of ticketing and RMM systems
  - Basic Windows and Linux sysadmin tasks
- Ability to work well as part of a cross-functional team environment
- Dynamic individual who is accountable and understands the importance of full ownership
- Strong analytical, organizational, and customer service skills
- Detail-oriented, with excellent written communication skills
- Self-motivated, with the ability to work in a fast-moving environment
- Ability to multi-task and adapt to changes quickly
- Above all, an innate curiosity and a passion for all things Information Technology and Information Security!
- SANS certifications
- Python, Bash, SQL, and/or PowerShell scripting knowledge (other languages and/or scripting skills accepted as well)