Security Threat Analyst II

The Security Threat Analyst II supports the Arete Security Operation Center (SOC) in monitoring, detection, and response efforts for the Digital Forensics and Incident Response (DFIR) organization. You will assist the Tiger Teams in identifying pre/post-breach malicious artifacts, conducting threat hunts for additional malicious artifacts, escalating findings, and ensuring collaboration with the Forensic team for targeted collections and root-cause analysis. In this role, you will review alerts generated by SentinelOne and implement appropriate containment and mitigation measures. Collaboration with the Forensics team to conduct threat hunting using identified Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) will be a key responsibility. Additionally, you will assist the Tiger Team in targeted collections of systems based on identified malicious activities in the client's environment. Your duties will include conducting historical log reviews to support threat hunting efforts, ensuring all malicious artifacts are mitigated in the SentinelOne console, examining client-provided documents and files, conducting perimeter scans of client infrastructure, managing client-related tasks within the ConnectWise Manage ticketing system, creating user accounts in SentinelOne console, and generating Threat Reports showcasing activity observed within the SentinelOne product. You will also execute passphrase exports as needed for client offboarding, submit legacy installer requests, provide timely alert notifications to the IR team, and serve as an escalation point for Tier 1 analysts. Furthermore, you will assist with uninstalling/migrating SentinelOne, generate Ranger reports, manage and organize client assets, apply appropriate interoperability exclusions, perform SentinelOne installation / interoperability troubleshooting, contribute to the overall documentation of SOC processes and procedures, participate in Handler on Duty (HOD) shifts, and internally escalate support ticket/alerts to Tier III-IV Analysts as needed. Other duties may also be assigned by management. To excel in this role, you should possess demonstrated knowledge of Windows and Unix operating systems, a thorough understanding of Digital Forensics and Incident Response practices, proficiency in advanced analysis techniques for processing and reviewing large datasets, familiarity with TCP/IP and OSI Model concepts, expertise in the Incident Response Life Cycle stages, working knowledge of the MITRE ATT&CK framework, ability to work independently, and a commitment to producing quality work. The job requirements include a Bachelor's Degree and 4+ years of IT security related experience or a Master's or Advanced Degree and 3+ years of related experience, current or previous experience with Endpoint Detection and Response (EDR) toolsets, previous experience working on a SOC/CIRT team, ability to communicate in both technical and non-technical terms, and 1-2 Information Security Certifications preferred. Please note that the above statements are intended to describe the general nature of work being performed and are not exhaustive. The work environment is usual office working conditions, and salary and benefits will be paid consistent with Arete salary and benefit policy. The Arete Incident Response Human Resources Department retains the sole right to make changes to this job description. Arete is an equal employment opportunity employer.,