Analyst - SecOps

Threat Detection and Incident Response:

• Monitor, analyze, and respond to global security alerts using SIEM/SOAR tools.
• Triage with sandboxing technologies
• Analyze with threat intelligence tools
• Investigate and respond to security events, implementing containment and recovery strategies.
• Expedite with AI/ML workflows and capabilities
• Utilize KQL for querying and correlating data to identify and address threats.
• Develop and manage automated detection rules and playbooks in Microsoft Sentinel.
• Employ Microsoft Defender and MS Purview Data Loss Prevention (DLP) tools to enhance endpoint protection and data security.

Threat Hunting and Data Forensics:

• Conduct proactive threat hunting and data forensics to uncover potential threats.
• Utilize advanced threat intelligence platforms to inform and refine threat detection strategies.
• Develop and execute SOC playbooks to improve response and operational efficiency.

Team Collaboration and Leadership:

• Triage and assist on complex incidents and investigations.
• Collaborate with USA Security escalation teams and departments to enhance overall security posture.
• Assist in developing and refining SOC procedures and best practices.

Career Development:

• Opportunities for progression to SOC Lead and Architect roles.
• Access to continuous learning, certifications, and professional development resources.
• Regular performance reviews to discuss career growth and advancement.

Qualifications:

• Preferred Bachelor s degree in Computer Science, Cybersecurity, or a related field.
• 3-5 years of experience as a SOC analyst, preferably with lead responsibilities.
• Strong knowledge of KQL (Kusto Query Language) for querying and analyzing security data.
• Hands-on experience with Microsoft Sentinel, including rule creation, playbook implementation, and workbooks.
• Proficiency in Microsoft Defender and MS Purview Data Loss Prevention (DLP).
• Certifications such as CISSP, CEH, or CompTIA Security+ are a plus.

Core Technologies and Expertise Required:

• Microsoft Sentinel: Experience with SIEM, rule creation, playbooks, and workbooks.
• KQL (Kusto Query Language): Proficiency in querying and data correlation.
• Microsoft Defender: Expertise in endpoint protection and threat detection.
• MS Purview Data Loss Prevention (DLP): Experience with data protection and loss prevention strategies.
• Incident Response Tools: Knowledge of containment and recovery strategies.
• Vulnerability Management Tools: Experience in assessments, penetration tests, and threat monitoring.
• Threat Intelligence Platforms: Ability to leverage and analyze threat intelligence.
• Network Security: Working knowledge of firewalls, IDS/IPS, and network security protocols.
• Data Forensics: Proficient in data forensic analysis and investigation.
• SOC Playbooks: Proficient in creating and managing SOC playbooks.

Additional Skills:

• Strong understanding of incident response processes and procedures.
• Excellent analytical and problem-solving skills.
• Ability to work within a we'll-managed team
• Shift Coverage: Rotational 24x7 shifts.