Security Operations Command (Soc) Analyst

CyAlly is seeking a Security Operation Command (SOC) Analyst to join our team. This position will report directly to the SOC Manager.

The Entry Level SOC Analyst role will be responsible for day-to-day security threat monitoring, analysis, and response. You will manage security incidents and review security alerts, determine if the security events are false positives, true positives, or false negatives, and work with incident responders on known or suspected security threats. The Security Analyst will work on threat intelligence gathering and integration, forensics, and incident response that adhere to best practices and recognized control frameworks. Training will be given on the job with a 90-day performance evaluation.

$35,000 - $40,000 yearly

• Responsible for working in a 24 x 7 Security Operation Command (SOC) environment.
• Investigate incidents using SIEM and UEBA technologies, packet captures, reports, data visualization, and pattern analysis.
• Analyze, escalate, and assist in the remediation of critical information security incidents.
• Improve and challenge existing processes and procedures in a very agile and fast-moving information security environment.
• Able to participate in an on-call rotation.
• Perform real-time alert monitoring and risk mitigation.
• Provide analysis and trending of security log data from a large number of heterogeneous security devices across different layers.
• Provide Incident Response (IR) support when analysis confirms the actionable incident.
• Provide threat and vulnerability analysis as well as security advisory services.
• Analyze and respond to previously undisclosed software and hardware vulnerabilities.
• Investigate, document, and report on information security issues and emerging trends.
• Integrate and share information with other analysts and teams.
• Participate in security projects and assist network operations and engineering teams.
• Other tasks and responsibilities as assigned by SOC Manager.

• Five years of experience in a related field (IT System Admin, Security, Forensics, or Computer Science) is preferred
• At least 2 years of experience as a security analyst, incident handler/responder, security engineer, or penetration tester.
• Excellent knowledge of security methodologies, processes (i.e., Cyber Kill Chain/Diamond Models, and the MITRE ATT&CK framework).
• Excellent knowledge of technical security solutions (firewalls, SIEM, NIDS/NIPS/HIDS/HIPS, AVs, DLP, proxies, network behavioral analytics, endpoint, and cloud security).
• In-depth knowledge of TCP/IP, UDP, DNS, FTP, SSH, SSL/TLS, and HTTP Protocols, network analysis, and network/security applications.
• Good knowledge of common malware threats and attack methodologies.
• Professional Certifications: GCIA, GCIH, GCFE, GCFA, Security+, CCNA CyberOps, OSCP, GPEN, GWAPT, CEH, CISSP, or other equivalent certifications are highly desirable.

Core Competencies:

• Accountable for the successful completion of multiple, individual projects simultaneously.
• Communicate effectively by contributing significantly to the development and delivery of a variety of written and visual documents for diverse audiences.
• Manage change and demonstrate adaptability by adjusting priorities or processes and approaching as needs dictate.
• Work independently as a team representative in the SOC as well as showing excellent teamwork skills.
• Ability to develop thorough documentation and operational playbooks, in addition, to suggest alert enhancements to improve detection capability.
• Experienced in working with external vendors and third parties.
• Good understanding of system and network hardening practices.

CyAlly is a global cyber solutions, intelligence, and forensic advisory firm. Our seasoned staff supports, monitors, conducts threat intelligence, security hardening, information technology audits, and cyber advisory to help organizations succeed. The technology world is battling cyberterrorism. Our mission is to protect our clients' confidentiality, integrity, and availability of their information technology data from all threats.