Kesta IT
Security Operations Center Analyst
Kesta IT, Ogden, Utah, United States, 84403
Position Overview:
We are seeking an experienced SOC (Security Operations Center) Analyst to join our cybersecurity team. The ideal candidate will have at least three years of hands-on experience in security operations, with expertise in using CrowdStrike and Sumo Logic. As a SOC Analyst, you will be responsible for monitoring, detecting, analyzing, and responding to security threats and incidents across our enterprise. You will play a key role in safeguarding our organization's assets, ensuring our systems remain secure and resilient against cyber threats.
Key Responsibilities:
Incident Detection and Analysis:
Monitor security events and alerts using various security tools and technologies. Analyze and investigate potential security incidents to determine their nature, scope, and impact. Will act as primary escalation point within the team.Incident Response:
Execute predefined incident response procedures to contain and mitigate security breaches. Coordinate with relevant stakeholders to ensure swift resolution of incidents and minimize downtime.Threat Hunting:
Proactively search for signs of advanced threats within the network environment. Utilize threat intelligence sources and advanced analytics to identify and neutralize potential security risks. Assist in threat signature implementation and tuning.Detection Engineering : Develop and maintain detection rules, correlation, and algorithms to identify anomalous behavior and security threats across various data sources, including network traffic, logs, and endpoint telemetry. Conduct research on emerging threats, attack techniques, and security technologies to continuously improve detection capabilities and stay ahead of evolving threats.Security Tool Management:
Manage and maintain security technologies such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), endpoint security solutions such as SentinelOne and Crowdstrike, and other relevant tools such as vulnerability management tools. Fine-tune configurations to optimize detection capabilities.Documentation and Reporting:
Document incident details, analysis findings, and remediation actions taken for reference and reporting purposes. Prepare comprehensive incident reports and contribute to ongoing security status updates. Lead in the development of playbooks for operational responses to security and cyber threats. Will report findings to customer as required.Collaboration and Knowledge Sharing:
Work closely with analysts, SOC leadership, and other cybersecurity teams to share insights, best practices, and lessons learned. Participate in knowledge transfer sessions and training programs to enhance team capabilities.Continuous Improvement:
Identify opportunities for process improvements, automation, and optimization within the SOC environment. Contribute to the development and implementation of new security policies, procedures, customer runbooks and controls. Participate in continuous training and improvement of internal teams.Shift Lead:
Act as Shift Lead and first point of escalation for SOC Analysts and customers. Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring. Ensures standards and procedures for alerts are addressed with relevancy, accuracy and in a timely manner. Lead shift hand off meetings.
Required Experience:
- Minimum 3+ Years of Experience: Hands-on experience in a SOC or similar security operations role.
- Expertise in CrowdStrike: Proficient in using CrowdStrike for endpoint detection and response, threat hunting, and incident investigation.
- Proficiency in Sumo Logic: Strong experience in log management, analysis, and correlation using Sumo Logic.
- Strong Analytical Skills: Ability to analyze complex security issues, think critically, and provide actionable insights.
- Incident Response Experience: Proven experience in responding to security incidents, including triage, containment, eradication, and recovery.
- Understanding of Security Frameworks: Familiarity with cybersecurity frameworks such as NIST, MITRE ATT&CK, and CIS Controls.
- Excellent Communication Skills: Strong written and verbal communication skills, with the ability to convey technical information to non-technical stakeholders.
- Team-Oriented: Ability to work collaboratively in a team environment, as well as independently when required.
- Continuous Learning: A passion for staying up-to-date with the latest security trends, threats, and technologies.
Preferred Qualifications:
- Certifications: Relevant certifications such as CISSP, CISM, CEH, or GCIH are a plus.
- Experience with SIEM Tools:** Additional experience with other SIEM tools is advantageous.
We are seeking an experienced SOC (Security Operations Center) Analyst to join our cybersecurity team. The ideal candidate will have at least three years of hands-on experience in security operations, with expertise in using CrowdStrike and Sumo Logic. As a SOC Analyst, you will be responsible for monitoring, detecting, analyzing, and responding to security threats and incidents across our enterprise. You will play a key role in safeguarding our organization's assets, ensuring our systems remain secure and resilient against cyber threats.
Key Responsibilities:
Incident Detection and Analysis:
Monitor security events and alerts using various security tools and technologies. Analyze and investigate potential security incidents to determine their nature, scope, and impact. Will act as primary escalation point within the team.Incident Response:
Execute predefined incident response procedures to contain and mitigate security breaches. Coordinate with relevant stakeholders to ensure swift resolution of incidents and minimize downtime.Threat Hunting:
Proactively search for signs of advanced threats within the network environment. Utilize threat intelligence sources and advanced analytics to identify and neutralize potential security risks. Assist in threat signature implementation and tuning.Detection Engineering : Develop and maintain detection rules, correlation, and algorithms to identify anomalous behavior and security threats across various data sources, including network traffic, logs, and endpoint telemetry. Conduct research on emerging threats, attack techniques, and security technologies to continuously improve detection capabilities and stay ahead of evolving threats.Security Tool Management:
Manage and maintain security technologies such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), endpoint security solutions such as SentinelOne and Crowdstrike, and other relevant tools such as vulnerability management tools. Fine-tune configurations to optimize detection capabilities.Documentation and Reporting:
Document incident details, analysis findings, and remediation actions taken for reference and reporting purposes. Prepare comprehensive incident reports and contribute to ongoing security status updates. Lead in the development of playbooks for operational responses to security and cyber threats. Will report findings to customer as required.Collaboration and Knowledge Sharing:
Work closely with analysts, SOC leadership, and other cybersecurity teams to share insights, best practices, and lessons learned. Participate in knowledge transfer sessions and training programs to enhance team capabilities.Continuous Improvement:
Identify opportunities for process improvements, automation, and optimization within the SOC environment. Contribute to the development and implementation of new security policies, procedures, customer runbooks and controls. Participate in continuous training and improvement of internal teams.Shift Lead:
Act as Shift Lead and first point of escalation for SOC Analysts and customers. Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring. Ensures standards and procedures for alerts are addressed with relevancy, accuracy and in a timely manner. Lead shift hand off meetings.
Required Experience:
- Minimum 3+ Years of Experience: Hands-on experience in a SOC or similar security operations role.
- Expertise in CrowdStrike: Proficient in using CrowdStrike for endpoint detection and response, threat hunting, and incident investigation.
- Proficiency in Sumo Logic: Strong experience in log management, analysis, and correlation using Sumo Logic.
- Strong Analytical Skills: Ability to analyze complex security issues, think critically, and provide actionable insights.
- Incident Response Experience: Proven experience in responding to security incidents, including triage, containment, eradication, and recovery.
- Understanding of Security Frameworks: Familiarity with cybersecurity frameworks such as NIST, MITRE ATT&CK, and CIS Controls.
- Excellent Communication Skills: Strong written and verbal communication skills, with the ability to convey technical information to non-technical stakeholders.
- Team-Oriented: Ability to work collaboratively in a team environment, as well as independently when required.
- Continuous Learning: A passion for staying up-to-date with the latest security trends, threats, and technologies.
Preferred Qualifications:
- Certifications: Relevant certifications such as CISSP, CISM, CEH, or GCIH are a plus.
- Experience with SIEM Tools:** Additional experience with other SIEM tools is advantageous.