| Company | University of Rochester |
| Location | Rochester, NY / Remote |
| Preferred GIAC Certifications | GCIH, GCIA, GMON, GSEC, GCDA |
The IT Security Operations Center (SOC) Analyst Senior is responsible for activities relating to monitoring and responding to security events. The SOC analyst receives, researches, triages and documents security events in a Hybrid Managed SOC environment. This individual supports multiple security-related platforms and technologies, interfacing with others within the IT organization, as well as other internal business units and external customers/partners. This individual must display an in-depth understanding of new trends and technologies related to IT Security and stay aware of the latest threats to the organization. As a senior Incident Response team member, this individual will provide technical guidance for other team members and ensure continuous improvement in incident response handling.
Performs in-depth analysis of threat activities and alerts generated within Security Information and Event Management (SIEM) and other security tools. Performs threat hunting based on emerging Indicators of Compromise (IOCs) or vulnerabilities.
Leads incident response efforts, including monitoring, triaging, handling and documenting security events in the incident response queue, IT service tickets and Incident Response team emails. Coordinates additional team resources to assist in handling surges of incidents and requests. Escalates incidents to the Hybrid Managed SOC partner per established procedures.
Independently handles assigned engineering tasks including SIEM and Endpoint Detection and Response (EDR) tuning, log ingestion, log parsing, security tool administration, maintenance and enhancements. Builds security dashboards, metrics and reports. Identifies data sources to augment capabilities and performs integration of new tools or applications as needed.
Develops and maintains Incident Response playbooks. Automates repetitive tasks to improve efficiency.
Administers and maintains Incident Response security tools including routine patching, vulnerability remediation, application upgrades, application administration and system documentation.
Documents task and project work in JIRA.
Participates in a 24x7 on-call support rotation.
Assures best practices in change management including following established change control procedures, peer review, communication and documentation.
Participates in daily stand-up meetings, quarterly purple teams, weekly 1:1 meetings, and other meetings as necessary.
Bachelor's degree in related discipline such as Computer Science, Cybersecurity, Business, Mathematics, Statistics, Science or Engineering; or equivalent practical experience required.
Master’s Degree preferred.
4-6 years of related experience required.
Experience in higher education or healthcare IT preferred.
Experience with SIEM, SOAR and Threat Intelligence platforms required.
Tier 1 and 2 SOC experience required.
EDR tuning and alerting experience preferred.
Windows or Unix system administration skills required.
Scripting and automation skills using Python or PowerShell required.
Understanding of networking concepts and experience with network and endpoint log analysis required.
Experience with Incident Response and Handling methodologies, and experience performing first-level forensic response on system and network logs, required.
Knowledge of adversary tactics, techniques and procedures (TTPs) and MITRE ATT&CK framework preferred.
Understanding and modeling of the organizational mission, vision and values, and fostering a team-centric working environment, preferred.
Ability to collaborate effectively with others and ensure customer satisfaction and appropriate follow-through in all interactions required.
Excellent verbal and written communication skills required.
Ability to remain calm under pressure while working with a sense of urgency required.