Security Threat Analyst II

SUMMARY

The Security Threat Analyst II supports the Arete Security Operation Center (SOC) in all monitoring, detection, and response efforts for the Digital Forensics and Incident Response (DFIR) organization. The Security Threat Analyst II assists the Tiger Teams in the identification of pre/post-breach malicious artifacts, threat hunts for additional malicious artifacts, escalates findings, and ensures collaboration with the Forensic team for targeted collections and root-cause analysis.

ROLES & RESPONSIBILITIES

• Reviews alerts generated by SentinelOne and implement appropriate containment and mitigation measures
• Analyses payloads using JoeSandbox and escalate to the appropriate team as necessary
• Collaborates with the Forensics team to conduct threat hunting using identified Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs)
• Assists the Tiger Team in targeted collections of systems based on identified malicious activities in the client's environment
• Conducts historical log reviews to support threat hunting efforts and ensure all malicious artifacts are mitigated in the SentinelOne console
• Examines client-provided documents and files to supplement the SOC investigation and mitigation strategy
• Conducts perimeter scans of client infrastructure and report any identified vulnerabilities to the Tiger Team for appropriate escalation
• Manages client-related tasks within the ConnectWise Manage ticketing system as part of the Client Handling Lifecycle
• Creates user accounts in SentinelOne console for the client
• Generates Threat Reports showcasing activity observed within the SentinelOne product
• Executes passphrase exports as needed for client offboarding
• Submits legacy installer requests to ensure the team is properly equipped for deployment
• Provides timely alert notifications to the IR team of any malicious activity impacting our clients
• Serves as an escalation point for Tier 1 analysts
• Assists with uninstalling/migrating SentinelOne
• Generates Ranger reports to provide needed visibility into client environments
• Manages and organizes client assets (multi-site and multi-group accounts)
• Applies appropriate interoperability exclusions relating to SentinelOne and client applications
• Performs SentinelOne installation / interoperability troubleshooting as needed
• Contributes to the overall documentation of SOC processes and procedures
• Participates in “Handler on Duty (HOD)” shifts as assigned to support the Tiger Team(s) client matters
• Internally escalates support ticket / alerts to Tier III-IV Analysts as needed
• May perform other duties as assigned by management

SKILLS AND KNOWLEDGE

• Demonstrated knowledge of Windows and Unix operating systems
• Thorough understanding of Digital Forensics and Incident Response practices
• Proficiency in advanced analysis techniques for processing and reviewing large datasets in various formats
• Familiarity with TCP/IP and OSI Model concepts at a basic level
• Expertise in the Incident Response Life Cycle stages (Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned)
• Working knowledge of the MITRE ATT&CK framework at an intermediate level
• Proven ability to work independently and solve complex problems without constant direction from management
• Highly detail-oriented and committed to producing quality work

JOB REQUIREMENTS

• Bachelor's Degree and 4+ years of IT security related experience or Master's or Advanced Degree and 3+ years related experience
• Current or previous experience with Endpoint Detection and Response (EDR) toolsets
• Previous experience working on a SOC/CIRT team
• Ability to communicate in both technical and non-technical terms both oral and written
• 1-2 Information Security Certifications (GIAC, Offensive Security, EC-Council, ISC2) preferred

DISCLAIMER

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified.

WORK ENVIRONMENT

While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job.

TERMS OF EMPLOYMENT

Salary and benefits shall be paid consistent with Arete salary and benefit policy.

DECLARATION

The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.

EQUAL EMPLOYMENT OPPORTUNITY

We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.