SOC Analyst/IR Analyst (Remote or NYC, Atlanta)

Job Title:  SOC/Incident Response Analyst

Responsible for carrying out daily security monitoring and response procedures.


Responsibilities:

  • Monitor IT systems, Security alerting queues, and review daily reports
  • Perform initial incident assessment, evidence gathering, and triage
  • Escalate incidents, and participate in remediation efforts
  • Provide feedback and recommendations for improvement of security controls and response procedures
  • Communicate with peer Security Operations teams and management, with expected interactions with business users and vendors
  • Assist with day-to-day security functions, responding to help tickets and requests for assistance with accessing the client’s systems and software
  • Responsible for managing Digital Loss Prevention security detection infrastructure and software solution
  • Responsible for managing security forensics projects and investigations around DLP use cases
  • Responsible for monitoring/analyzing security related events
  • Responsible for configuration and management of machine data logging platform
  • Develops DLP/security related dashboards and reports
  • Responsible for ongoing security assessments, vulnerability scans, and related remediation
  • Develops and publishes information security policies, procedures, standards, and guidelines based on security industry best practices
  • Manages and executes security projects to ensure enterprise security risks are detected, communicated, managed, and resolved
  • Collaborates with IT Management, Legal, Internal Audit and Human Resources in the development and implementation of IT Security policies, standards, procedures, and awareness
  • Provides security and compliance support to all associates and departments enterprise wide, including consulting and interacting with third party organizations (auditors/assessors/vendors)

Requirements:

  • Bachelor’s Degree in Information Technology, Engineering, or a related field preferred
  • 2 years minimum working in Information Technology or Computing field
  • Basic understanding of security defenses (anti-virus, firewalls, access controls)
  • Basic understanding of types of attacks, exploits, & methods used to compromise or damage computing systems & networks
  • Basic understanding of networking & internet communications
  • Security+ or similar security certification a plus
  • Experience with any of the following technologies greatly preferred:
        – Splunk Log & Event platform (basic query & report building)
        – Network Access Control
        – Rapid7 Nexpose/InsightVM (Vulnerability Scanning)
        – Advanced Detection & Response Endpoint Agents
        – Network packet capture & event analysis
        – Threat intelligence platforms
        – Microsoft patching & device management platforms

Must Have:

  • Valid Driver’s License
  • Valid Passport