Cyber Defense – SOC Analyst

Job Category: Cybersecurity
Job Type: Full Time
Job Location: United States
Company Name: Request Technology

About the job

NO SPONSORSHIP

Associate Principal, Cyber Defense

SALARY: $140k – $150k – $160k plus 15% bonus

LOCATION: CHICAGO, IL

3 days in office and 2 days remote


Looking for a Tier 2 analyst, threat intelligence, incident response candidate. You will monitor security alerts and events and analyze security logs, network traffic, and endpoint data. Keywords: SOC processes and procedures, NIST frameworks, SIEM (Splunk, IBM QRadar, LogRhythm), SOAR (Splunk SOAR, Cortex XSOAR, FortiSOAR) playbooks, EDR (CrowdStrike, SentinelOne, Microsoft Defender), IDS/IPS, firewalls, proxy, Qualys, Nessus, LDAP, Sun Solaris, Linux, Windows, AWS, Azure, GCP, 24×7 on-call support.

Security Monitoring:

  • Monitor security alerts and events from various security tools and technologies.
  • Perform advanced analysis of security logs, network traffic, and endpoint data.

Incident Response:

  • Review and respond to security incidents escalated by Tier 1 analysts.
  • Conduct thorough investigations to determine the scope and impact of security incidents.
  • Implement containment, eradication, and recovery measures for confirmed incidents.
  • Document and report findings, actions taken, and lessons learned.
  • Communicate effectively with stakeholders regarding security incidents and mitigation efforts.

Continuous Improvement:

  • Participate in post-incident reviews to identify areas for improvement.
  • Stay current with the latest cybersecurity trends, threats, and technologies.
  • Contribute to the development and enhancement of SOC processes and procedures.

Qualifications:

  • Proven team player; will work primarily with other staff members, on both long-term projects and rapid response under tight deadlines.
  • Team Leadership experience, taking initiative; providing and following through on solutions across various skillsets.
  • Knowledge and experience implementing controls based on security regulation (e.g., NIST Cyber Security Framework) is a plus.
  • Effective and excellent oral and written communication, analytical, judgment and consultation skills.
  • Ability to effectively communicate in both formal and informal review settings with all levels of management.
  • Ability to work with local and remote IT staff/management, vendors and consultants.
  • Ability to work independently and possess strong project management skills.

Technical Skills:

  • Log analysis and security content development in SIEM solutions (Splunk, IBM QRadar, LogRhythm, etc.).
  • SOAR products such as Splunk SOAR, Cortex XSOAR, FortiSOAR, etc. SOAR playbook development experience is a plus.
  • Endpoint detection and response tools, e.g. CrowdStrike, SentinelOne, Microsoft Defender, etc.
  • Incident Response playbook development, managing security incident analysis and remediation.
  • Network-based preventative and detective technologies (IDS/IPS, firewalls, proxy servers).
  • Standard technical writing tools including MS Word, Excel, Project and Visio.

Familiarity with:

  • Vulnerability assessment tools (Qualys, Nessus, nmap, etc.).
  • Directory services, LDAP, and their inherent security (Active Directory, CA Directory, Entra ID).
  • Client/server platforms including Sun Solaris, Windows, Linux.
  • Operating system hardening procedures (Solaris, Linux, Windows, etc.).
  • Web Application Firewalls.
  • Cloud-based security tools and techniques (AWS, Azure, GCP, etc.).

Experience:

  • Bachelor’s degree in cybersecurity, computer science, or another related field.
  • Minimum three years of information security experience, preferably in the financial services industry.
  • Hands-on security operations experience including interdisciplinary experience with two or more of the following: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming Languages.
  • Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives.
  • Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure.
  • Industry knowledge of leading-edge security technologies and methods.
  • Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities.
  • Previous people/project management experience is a plus.
