Shatter I.T.’s Security Operations Center has a position opening for a SOC Analyst III. The responsibilities of a SOC Analyst III include diagnosing security events that cannot be resolved by the SOC Analyst II. Additionally, the Analyst will lead the development of security programs and controls for Shatter and Shatter’s customers. The SOC Analyst III will establish and lead strict program control processes to ensure mitigation of risks and will support obtaining certification and accreditation of systems. The Analyst will perform analyses to validate established security requirements and to recommend additional security requirements and safeguards, support the implementation and activities of Plans of Action and Milestones (POA&Ms) as required, and support validation of Continuous Monitoring activities, monitoring corrective actions until all actions are closed.
At Shatter I.T., we provide an exciting and challenging work environment, where performance and innovative thinking are encouraged and rewarded at every level. Our professional culture values teamwork, customer service and the exchange of ideas and thinking beyond boundaries.
Job Duties and Responsibilities:
- Handles incidents escalated from Tier II analysts using the Security Incident Response life cycle (preparation; detection and analysis; containment, eradication and recovery; post-incident activity)
- Deep investigation into non-standard incidents or those for which a much higher level of rigor is required
- Creates incidents when uncovered by threat hunting activities or reported by the SOC team, Data Privacy, etc.
- Engages technical SMEs to provide new data and data sources
- Performs Threat Hunting given external/internal threat intelligence
- Works with Cyber Security team to prove threat scenarios
- Looks for and tests new avenues of compromise and attack that may circumvent existing controls
- Develops new processes for implementation, independently or directed
- Given threat scenarios from incidents, develops solutions and communicates them to business owners for remediation
- Adds detailed data and context to incidents
- Writes incident reports and after-action documentation
- Assesses risk to customers based upon incidents, trends, and hunting activities and recommends remediation actions
- Participates in, or works directly on additional projects, assignments or initiatives as assigned, including but not limited to auditing engagements, security program implementations, and external CISO services
- Utilizes advanced technical background and experience in information technology and incident response handling to scrutinize and provide corrective analysis for cybersecurity events escalated from Tier 2 analysts, distinguishing these events from benign activity and escalating confirmed incidents to the Incident Response Lead
- Coordinates, develops, and evaluates security programs for a customer’s organization. Recommends information assurance/security solutions to support customer’s requirements
- Provides in-depth cybersecurity analysis and trending/correlation of large data sets such as logs, event data, and alerts from diverse network devices and applications within the enterprise to identify and troubleshoot specific cybersecurity incidents, and makes sound technical recommendations that enable expeditious remediation
- Provides forensic investigations of suspected or confirmed incidents
- Conducts security tool/application tuning engagements with analysts and engineers to develop/adjust rules and analyze/develop related response procedures
- Coordinates with and provides expert technical support to customer technicians and staff to resolve confirmed incidents
- Formulates technical best-practice SOPs and runbooks for SOC analysts
Desired Skills and Experience:
- Five+ years of demonstrated operational experience as a cybersecurity analyst/engineer handling cybersecurity incidents and response in critical environments, and/or equivalent knowledge in areas such as technical incident handling and analysis, intrusion detection, log analysis, penetration testing, and vulnerability management
- In-depth understanding of current cybersecurity threats, attacks and countermeasures for adversarial activities such as network probing and scanning, distributed denial of service (DDoS), phishing, ransomware, botnets, command and control (C2) activity, etc.
- In-depth hands-on experience analyzing and responding to security events and incidents with most of the following technologies and/or techniques: leading security information and event management (SIEM) technologies, intrusion detection/prevention systems (IDS/IPS), network and host-based firewalls, network access control (NAC), data leak protection (DLP), database activity monitoring (DAM), web and email content filtering, vulnerability scanning tools, endpoint protection, secure coding, etc.
- Strong communication, interpersonal, organizational, oral, and customer service skills
- Strong knowledge of TCP/IP protocols, services, and networking
- Experience with Risk Management Frameworks
- Demonstrated experience with security standards such as NIST 800-53, NYS DFS, HIPAA, SOX, PCI, etc.
- Knowledge of forensic analysis techniques for common operating systems
- Adept at proactive search, solicitation, and detailed analysis of threat intelligence (e.g., exploits, IOCs, hacking tools, vulnerabilities, threat actor TTPs) derived from open-source resources and external entities, in order to identify cybersecurity threats not previously ingested into network security tools/applications and derive countermeasures to protect customers
- Master’s degree with 3 years of cybersecurity experience, or a bachelor’s degree with 5 years of experience, or an associate’s degree with 7 years of experience, or a high school diploma/GED with 9 years of experience
- Must have at least 1 relevant security certification (CAP, CASP, CISSP, CISSA, CISSP Associate) or must have the ability to obtain and maintain one within 6 months of start date
Job Type: Full-time
- Cybersecurity: 3 years (Required)