SOC Analyst - Tier 2
CyBourn, US /
Analyst, Remote, Hybrid
As part of the Incident Response team, the Tier 2 Security Analyst is responsible for identifying, triaging, investigating, and responding to security incidents. The analyst will investigate and respond to security incidents escalated from Tier 1 SOC Analysts, conduct in-depth analysis, and identify the root cause of incidents.
The analyst will provide recommendations for remediation, manage security incidents, and collaborate with other security teams to ensure timely and effective incident response. The role requires strong technical skills, knowledge of network and application security, and experience working in a security operations center. Tier 2 SOC Analyst must also have strong communication, problem-solving, and analytical skills.
Roles and Responsibilities
- Responsible for the alert triage, investigation, escalation and closing processes, ensuring that incidents are properly identified while meeting contractual requirements and established SLAs.
- Analyze security events from multiple sources including but not limited to events from SIEM tools, SOAR Platform, network and host-based IDS, firewall logs, system logs (Unix & Windows), mainframes, applications and databases.
- Own the full lifecycle of a security incident from discovery to completion to include root cause analysis and guidance in recovery efforts.
- Expertise in Windows and Linux operating system internals, operations, and forensic artifacts.
- Understanding of Enterprise Network Architectures to include routing/switching, common protocols (DHCP, DNS, HTTP, etc.), and devices (Firewalls, Proxies, Load Balancers, VPN, etc.)
- Ability to recognize suspicious activity/events, common attacker TTPs, and perform logical analysis and research to determine root cause and scope of incidents.
- Be familiar with Cyber Kill Chain and have utilized the ATT&CK Framework.
- Scripting experience with Python, PowerShell, and/or Bash (a plus).
- Ability to independently prioritize and complete multiple tasks with little to no supervision.
- Flexible and adaptable self-starter with strong relationship-building skills.
- Strong problem-solving abilities with an analytic and qualitative eye for reasoning.
- Strong verbal and written communication skills.
- Ability to communicate with all levels of audiences (subordinates, peers & leadership).
Specific Tasks/Responsibilities: Incident Response
- Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
- Collaborate with client representatives, other analysts and engineering for resolution and mitigation of detected issues.
- Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
- Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
- Collect intrusion artifacts (e.g., source code, malware, Trojans) and use the discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
- Coordinate intelligence support to operational planning activities.
- Provide feedback on issues with workflows, processes, and tools, and report them according to internal processes.
- Perform malware analysis in isolated sandbox environments.
- Perform analysis of collected data using specialized tools to detect and track intrusions on affected assets.
- Determine the original point of entry, the incident timeline, and the affected data.
- Define playbooks and investigation forms.
- Contribute to different learning projects/labs.
Qualifications
- Bachelor's degree in Computer Science, Engineering, Information Technology, or Cyber Security, or 4-8 years of related field experience.
- Additional years of experience and cyber certifications may be considered in lieu of a degree.
- Understand, enforce, and adhere to the company policies and procedures.
- Have read and understand the Information Security Policy and supporting procedures and do not hinder in any way the proper execution of procedures defined within.
- Understand and abide by our non-disclosure and confidentiality agreements.
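As a concrete illustration of the Incident Response tasks listed above (analyze events from multiple sources, correlate them, determine the point of entry, the timeline, and the affected assets), here is a worked example added to this listing; it is not CyBourn's tooling. The log lines, the three line formats, the IP-to-hostname asset map, and the seed indicator are constructed assumptions.

```python
"""Correlate events from several log sources into one incident timeline.

Added example for this posting (not CyBourn's tooling). The log lines, the
asset map and the three line formats below are constructed assumptions.
"""
import re
from datetime import datetime

# Constructed sample telemetry (assumption): an external accept through the
# firewall, an RDP logon on a workstation, a script download via the proxy,
# a network logon to a file server, and unrelated noise.
RAW_LINES = [
    "2024-03-04T08:55:02Z FW ACCEPT src=203.0.113.7 dst=10.0.5.20 dpt=3389",
    "2024-03-04T08:55:09Z WIN|4624|host=WS-0520|user=jdoe|src=203.0.113.7|logon_type=10",
    "2024-03-04T09:02:41Z PROXY WS-0520 jdoe GET http://198.51.100.9/update.ps1 200",
    "2024-03-04T09:10:13Z WIN|4624|host=FS-01|user=jdoe|src=10.0.5.20|logon_type=3",
    "2024-03-04T09:11:00Z WIN|4624|host=FS-01|user=svc_backup|src=10.0.9.3|logon_type=3",
    "2024-03-04T09:30:00Z FW ACCEPT src=10.0.7.44 dst=10.0.5.99 dpt=445",
]

# Constructed IP-to-hostname map (assumption); in practice from the CMDB or DHCP logs.
ASSET_MAP = {"10.0.5.20": "WS-0520", "10.0.9.3": "FS-01"}

FW_RE = re.compile(r"^(?P<ts>\S+) FW (?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dpt=(?P<dpt>\d+)$")
WIN_RE = re.compile(r"^(?P<ts>\S+) WIN\|(?P<eid>\d+)\|host=(?P<host>[^|]+)\|user=(?P<user>[^|]+)"
                    r"\|src=(?P<src>[^|]+)\|logon_type=(?P<lt>\d+)$")
PROXY_RE = re.compile(r"^(?P<ts>\S+) PROXY (?P<host>\S+) (?P<user>\S+) (?P<method>\w+) (?P<url>\S+) (?P<status>\d+)$")

# Windows logon types and destination ports mapped to ATT&CK technique IDs as triage hints.
LOGON_TYPE_TTP = {"10": "T1021.001 Remote Desktop Protocol", "3": "T1021 Remote Services (network logon)"}
PORT_TTP = {"3389": "T1021.001 Remote Desktop Protocol", "445": "T1021.002 SMB/Windows Admin Shares"}


def parse(line):
    """Normalise one raw line into a common schema; return None for unknown formats."""
    m = FW_RE.match(line)
    if m:
        return {"ts": m["ts"], "source": "firewall", "host": ASSET_MAP.get(m["dst"], m["dst"]),
                "user": None, "src_ip": m["src"], "ttp": PORT_TTP.get(m["dpt"]),
                "summary": f"{m['action']} {m['src']} -> {m['dst']}:{m['dpt']}"}
    m = WIN_RE.match(line)
    if m:
        return {"ts": m["ts"], "source": "windows", "host": m["host"], "user": m["user"],
                "src_ip": m["src"], "ttp": LOGON_TYPE_TTP.get(m["lt"]),
                "summary": f"4624 logon type {m['lt']} {m['user']}@{m['host']} from {m['src']}"}
    m = PROXY_RE.match(line)
    if m:
        ttp = "T1105 Ingress Tool Transfer" if m["url"].endswith((".ps1", ".exe", ".dll")) else None
        return {"ts": m["ts"], "source": "proxy", "host": m["host"], "user": m["user"],
                "src_ip": None, "ttp": ttp, "summary": f"{m['method']} {m['url']} ({m['status']})"}
    return None


def indicators(ev):
    """Pivot keys for one event: host, user, source address, and the source's hostname if known."""
    keys = {ev["host"], ev["user"], ev["src_ip"], ASSET_MAP.get(ev["src_ip"] or "")}
    return {k for k in keys if k}


def build_incident(raw_lines, seed_indicator):
    """Expand from a seed indicator (e.g. the IP in the Tier 1 alert) by pivoting on shared
    hosts, users and addresses until no new event links in. Returns the ordered timeline,
    the earliest linked event (candidate point of entry), and the hosts and users in scope."""
    events = [ev for ev in (parse(line) for line in raw_lines) if ev]
    scope, linked, pending = {seed_indicator}, [], events[:]
    changed = True
    while changed:  # transitive closure over shared indicators
        changed = False
        for ev in list(pending):
            if indicators(ev) & scope:
                scope |= indicators(ev)
                linked.append(ev)
                pending.remove(ev)
                changed = True
    timeline = sorted(linked, key=lambda e: datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ"))
    return {
        "timeline": timeline,
        "point_of_entry": timeline[0] if timeline else None,
        "affected_hosts": sorted({e["host"] for e in timeline}),
        "users_seen": sorted({e["user"] for e in timeline if e["user"]}),
    }


if __name__ == "__main__":
    incident = build_incident(RAW_LINES, "203.0.113.7")  # seed: the external IP from the Tier 1 alert
    for e in incident["timeline"]:
        print(e["ts"], e["source"].ljust(8), e["summary"], "|", e["ttp"] or "-")
    print("point of entry:", incident["point_of_entry"]["summary"])
    print("affected hosts:", incident["affected_hosts"], "users:", incident["users_seen"])
```

Pivoting on the host deliberately pulls in every event on an in-scope asset (here the svc_backup logon to FS-01), so the analyst assesses it rather than the script deciding; the unrelated SMB flow at 09:30 shares no indicator with the chain and stays out of scope. Production logs need a real parser per source and timestamps normalised to UTC before sorting.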
Are you looking for a new career opportunity that will help you achieve your professional goals and propel your career forward? Look no further than CyBourn!
As a fast-growing and motivated company, we are on the lookout for talented individuals who want to be a part of our dynamic team. We are committed to investing in our employees' futures, providing them with the tools and resources needed to succeed and reach their full potential.
Joining CyBourn means that you will be part of an exciting journey towards success. We believe in providing our employees with a supportive and collaborative work environment, where they can grow and develop their skills while contributing to the success of our company.
We are seeking individuals who are driven, passionate, and excited about the world of cybersecurity. Whether you're an experienced professional or just starting your career, we welcome all applicants who share our values and are eager to learn and grow.
If you're ready to take the next step in your career and want to be a part of an exciting and growing company, consider joining CyBourn. We can't wait to hear from you and see how we can work together to achieve great things.
At CyBourn, we are committed to combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.