SOC Level 1 Analyst – AMTRA Solutions
About AMTRA Solutions:
We are a leading provider of information and technology solutions, services, and staffing for the modern world. As the way the world works evolves, so do the services and solutions we offer, but our goal remains the same – to modernize the way our clients work by focusing on the human experience.
As a Microsoft Gold Partner, we specialize in modern workplaces, cloud and security, business applications and staffing solutions to help our clients increase their business performance. We equip people and teams with the tools they need to work more effectively and efficiently, transforming the way they connect and do business. Sounds awesome, right?
If you’re looking for your next role in Security, read on…
A Level 1 SOC Analyst executes daily operational procedures as a core responsibility. The role of a SOC Analyst is the detailed, repeatable execution of all operational tasks as documented in processes and subordinate procedures. Specifically, the SOC Analyst is responsible for monitoring the Azure Sentinel Incidents blade for security events, alerts and incidents, and for closing or escalating them as necessary. SOC Analysts maintain the group email address and distribution lists, answer the SOC main phone lines, and update all relevant documentation, such as shift logs and tickets.
Specifically, the SOC Level 1 Analyst(s) will:
- Rapidly identify, categorize, prioritize and triage incidents as the initial step for the enterprise, using all available customer log and intelligence sources, including but not limited to:
  - Firewalls
  - Systems and network devices
  - Web proxies
  - Intrusion detection/prevention systems
  - Data loss prevention
  - Antivirus systems
  - OneNote framework
- Monitor incoming event queues for potential security incidents using Azure Sentinel, per operational procedures.
- Perform initial investigation and triage of potential incidents, and escalate or close incidents as applicable.
- Use available SOC tools for historical analysis as necessary for detected alerts/incidents; for example, historical searches using Azure Sentinel Log Analytics.
- Monitor the SOC e-mail queue for potential event reports from outside entities and individual users.
- Maintain SOC shift logs with relevant activity from the analyst's shift.
- Document investigation results, ensuring relevant details are passed to the Secondary Analysts for final event analysis.
- Update and reference the SOC collaboration tools (Wiki, OneNote) as necessary for changes to SOC processes and procedures, and for ingesting SOC daily intelligence reports and previous shift logs.
- Conduct research on, and document, alerts/events of interest within the scope of IT Security.
Additionally, Level 1 Analysts who have tenure in security monitoring of more than one year will:
- Track tactical issues in the execution of SOC responsibilities.
- Mentor junior analysts to improve detection and analytical capabilities within the SOC.
- Manage SOC event and information intake, including gathering intelligence reports, monitoring ticket queues, investigating reported incidents, and interacting with other security and network groups as necessary.
- Coordinate with SIEM engineers to tune events and alerts.
- Serve as shift subject matter expert on incident detection and analysis techniques, providing guidance to junior analysts and making recommendations to organizational managers.
Must-have requirement:
- Microsoft Defender for Endpoint experience
Nice-to-have:
- Full Microsoft Defender XDR experience
- Host intrusion analysis
- Network intrusion analysis
- Familiarity with categories of malware and malware reverse engineering techniques
- Experience working with security tools for the purposes of detection, diagnosis, containment and remediation
- Experience creating and maintaining a security incident response plan (IRP)
Any of the following credentials will be highly beneficial:
- Microsoft SC-stream certifications
- SANS: qualifications in Security Essentials (GSEC), Hacker Techniques & Incident Handling (GCIH), Host (GCFE/GCFA) & Network (GNFA) Forensics, Malware Analysis (GREM) and any digital forensics specializations
- CREST certifications: Certified Incident Manager, Certified Host Intrusion Analyst, Certified Network Intrusion Analyst, Certified Malware Reverse Engineer, Practitioner Intrusion Analyst, Registered Intrusion Analyst
- Certified Ethical Hacker
Personal Attributes:
- Very procedure-driven, with aptitude for and attention to detail
- Strong mentoring skills
- Aptitude for solving problems
- Able to act on own initiative
- Excellent communicator, both written and verbal, with a positive and confident attitude
- Good writing skills, with the capability to create well-formatted reports
- Excellent communication skills, both written and oral
- A strong team player with a flexible approach
- Demonstrates consistency in work attitude
If this sounds like you – we’d love to chat! Apply today.