Northern Technologies Group
Security Operations Center (SOC) Lead
Northern Technologies Group, Tampa, Florida, US, 33646
Job Type
Full-time
Description
The Senior SOC Analyst is a critical technical role within NTG's Security Operations Center (SOC), responsible for advanced cyber threat analysis, incident response, and the operation and optimization of security tools such as SIEM platforms, including Splunk. This position requires a minimum of 5 years of experience in a SOC environment or a related degree in IT or Cybersecurity. The Senior SOC Analyst plays a pivotal role in detecting, analyzing, and mitigating cyber threats while supporting SOC processes and contributing to the continuous improvement of NTG's security posture.
If you are passionate about cybersecurity and possess strong analytical skills and expertise with SIEM tools, we encourage you to apply.
Key Attributes:
Detail-oriented with a proactive approach to threat detection and mitigation.
Ability to adapt to new technologies and evolving threat landscapes.
A team player with a strong focus on collaboration and continuous improvement.
Essential Duties and Responsibilities
The essential functions include, but are not limited to, the following:
Threat Analysis and Incident Response:
Perform advanced threat analysis to identify, assess, and mitigate cyber threats, vulnerabilities, and insider risks. Conduct in-depth investigations using SIEM tools such as Splunk, Fortinet, and Microsoft SIEM. Coordinate and execute comprehensive incident response plans during security breaches or cyberattacks.
SOC Operations Support:
Operate and optimize security tools, including SIEM platforms, IDS/IPS, EDR, and forensic tools. Tune, customize, and enhance SIEM tools to improve detection and alerting capabilities. Provide technical guidance and mentoring to junior analysts on threat detection and SOC processes.
Procedure and Playbook Development:
Assist in developing and refining SOC procedures, playbooks, and response strategies. Document lessons learned from incident response activities and integrate them into playbooks.
Reporting and Trend Analysis:
Analyze and report on security trends, vulnerabilities, and incidents. Provide actionable recommendations to enhance detection capabilities and mitigate security risks.
Collaboration and Coordination:
Work closely with other teams, such as IT, engineering, and compliance, to address and mitigate security risks. Serve as a technical liaison between the SOC and leadership, providing updates on the security landscape.
Minimum Qualifications (Knowledge, Skills, and Abilities)
Technical Expertise:
Strong understanding of cyber threats, vulnerabilities, and attack vectors. Expertise using, customizing, and tuning SIEM tools, particularly Splunk. Familiarity with security tools such as IDS/IPS, EDR, firewalls, and forensic tools. Knowledge of frameworks like MITRE ATT&CK, NIST, and ISO 27001. Proficiency in scripting and automation for SOC processes (e.g., Python, PowerShell).
Analytical and Problem-Solving:
Excellent analytical skills to perform detailed cyber threat and vulnerability assessments. Ability to prioritize and make quick decisions during critical incidents.
Communication Skills:
Strong written and verbal communication skills for reporting and collaboration. Experience presenting technical findings to non-technical stakeholders.
Certifications (Preferred):
CISSP, CEH, GIAC certifications (e.g., GCIH, GCIA). Relevant certifications in SIEM or other security platforms.
Education, Experience:
Bachelor's degree in computer science, information security, or a related discipline; and/or 5 or more years of documented experience in Cybersecurity.
Physical Demands and Work Environment
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform these functions.
While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls. The employee is occasionally required to stand; walk; sit; and reach with hands and arms. The employee must occasionally lift and/or move up to 50 pounds. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is usually low to moderate.
Travel
Up to 15%
Shift
This position is normally M-F 8 AM to 5 PM (Eastern)
The SOC is manned 24/7/365, so occasionally alternate shifts may be required to provide coverage.