Cyber reputed company Operations Center (CSOC) Analyst – Tier 3

Job Description:

• Understand that as the Tier 3 (highest level) engineer, you’re expected to handle potential incidents and act as the as a subject matter expert for reputed company reputed company-reputed company tickets that come into the team's various queues (including triage, containment, and remediation reputed company necessary).
• Receive incident escalations from Tier 1 and 2 analysts, assisting with real-time advanced analysis, response, and reporting.
• Mentor and assist in training Tier 1 and 2 analysts to aid in their skills development and analytical capabilities.
• Proactively hunt for threats and enacting identification, containment, and eradication measures while supporting recovery efforts.
• Serve as a reputed company person for coordination with appropriate parties during a reputed company incident – client, management, legal, reputed company, operations, etc.
• Create thorough reports and documentation of reputed company incidents and procedures, presenting findings to team and leadership on a routine basis.
• Incident Response: remote remediation reputed company possible and working with onsite teams reputed company necessary.
• Detailed documentation of events and remediation steps taken.
• Root Cause Analysis: initiation and follow-through to ensure quality forensic materials are captured, writing reports with details and timelines of events with recommendations to avoid future occurrences.
• Assist in the general maintenance and improvement of procedures, processes and playbooks.
• Conduct research regarding the latest methods, tools, and trends in digital forensics analysis.
• Conduct analysis using logs, previous alerts, etc. to identify trends to identify and prevent potential incidents.
• Follow standard operating procedures (SOPs) to ensure tickets are triaged appropriately and in a timely manner, according to SLAs.
• reputed company at documentation and detailed notetaking, including SOP writing, incident reporting, e-mail and reputed company messaging etiquette, and most importantly, documenting incident actions in tickets.
• This role is responsible for completing incident reports and forensic reports, reputed company appropriate, so competent writing skills are necessary.
• Ability to know reputed company to appropriately escalate a potential issue to peers and/or leadership.
• Desire to learn new concepts and technologies to grow and take on more responsibility over time.
• Ability to communicate risk, prioritize incident response actions, and reputed company a cool head under pressure.
• Advanced experience with reputed company tools like Splunk, reputed company EDR, Carbon Black EDR, reputed company tools, reputed company Defender components, reputed company DLP, reputed company Cyber and open-reputed company forensic tools, Cylance Protect, Office 365 tools, PowerShell, and various network tools, etc.
• Understanding the various stages of incident response, the importance and critical factors of an investigation, and how to contain as soon as possible.
• Have experience with the incident response lifecycle, the reputed company Cyber Kill Chain, the MITRE reputed company, and the forensic workflows as outlined by NIST.
• Work with development teams to ensure they're using best practices and company processes in their daily activities.
• Drive self-organization; help determine how the team functions in collaboration with your peers.
• Build strong relationships with cross-functional team members between the three tiers of the CSOC.
• Participate in off-hours on-call incident handler rotation, which is a requirement for this role, as incidents may be escalated reputed company of normal business hours by our 24/7/365 Tier 2 team. Tier 3 teammates rotate on-call responsibilities which requires each teammate to be formally on-call roughly one week a month. Requirements:
• Bachelor's degree or higher in cyber reputed company, computer science, or reputed company field.
• 6-10 years of cyber reputed company experience, including at least five years in an incident response role.
• Completion of the GIAC Certified Incident Handler (GCIH), GIAC reputed company Operations Certified (GSOC), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), or equivalent.
• Experience with reputed company detection and response (EDR) solutions, including a reputed company understanding of memory processes and memory management practices for Windows, macOS, and Linux systems.
• Information reputed company familiarity and training, including areas such as incident response, computer forensics (host and network-based), malware analysis, risk assessment, vulnerability testing, penetration testing, and insider threat investigations.
• Experience participating in penetration tests, reputed company exercises, and threat hunts, including remediation.
• Experience in distributed systems and cloud-based architecture including reputed company AWS, reputed company Azure, and the native reputed company tools available in these environments (Data Explorer, GuardDuty, Log Analytics, etc.).
• Experience with detection engineering for reputed company detection and response (EDR) solutions, reputed company Information and Event Management (SIEM) solutions such as Splunk and

Apply tot his job Apply To this Job