Job Code: 12261
Experience: 3-5 Years
Location: Costa Rica
We are looking for a Senior SOC Analyst with hands-on experience with security tools such as endpoint protection/EDR, SIEM, IPS/IDS, HIDS/NIDS, WAFs, edge/DNS security, vulnerability scanning, malware analysis tools, network tools for full packet analysis, and data loss prevention (DLP).
• Monitor our alert channels, SIEM/SOAR notifications and EDR/IDS/IPS solutions for detections/incidents and threat hunt for malicious activity.
• Triage, investigate, contain and mitigate as needed, and continuously tune detection rules to reduce false positives.
• Provide incident response and be a key point of contact during all incidents, including investigation, correlation, triage, response, mitigation, ticketing, documentation and postmortem analysis.
• Work an alert from start to finish, including any containment, investigation and mitigation actions needed.
• Assist in the tuning of EDR/IDS/IPS solutions to improve detection, reduce noise, add IOAs, etc.
• Work with the security engineering team to improve tool usage and workflows, as well as to mature monitoring and response capabilities.
• Work with developers on the InfoSec team to build security automation workflows, enrichments and mitigations.
• Evaluate SOC policies and procedures and recommend updates to management where appropriate.
• Grow and mature our threat intelligence program: gather, analyze and assess threat intelligence to report on the current and future threat landscape, and provide a realistic overview of risks and threats to the enterprise environment.
• Enhance our detection capabilities with correlation, situational awareness and intel enrichment.
• Proficient operator of security tools such as endpoint protection/EDR, SIEM, IPS/IDS, HIDS/NIDS, WAFs, edge/DNS security, vulnerability scanning, malware analysis tools, network tools for full packet analysis, data loss prevention (DLP), etc.
• One or more of the following certifications: CEH, CISM, GIAC certifications (GCIH, GCIA, GSLC, GICSP, GSEC, GWAP), CompTIA A+, CompTIA Network+, CompTIA Security+, CASP+ CE, Splunk Core, OSCP, etc.
• Linux/Unix, Windows and macOS administration skills
• Deep understanding of technology and the motivation to constantly learn new technologies.
• Strong ability to learn and research new things, including tools, languages, frameworks, etc.
• Excellent verbal and written communication skills
• Collaborative mindset that thrives in a fast-paced environment
• Programming/scripting experience (Bash, Python, PowerShell) is good to have.
• Forensics or malware analysis experience is good to have.