Cyber Security Operations Center (CSOC) Analyst – Tier 3

Remote Full-time
Job Description:
• As the Tier 3 (highest level) engineer, handle potential incidents and act as the subject matter expert for all security-related tickets that come into the team's various queues, including triage, containment, and remediation when necessary.
• Receive incident escalations from Tier 1 and 2 analysts, assisting with real-time advanced analysis, response, and reporting.
• Mentor and assist in training Tier 1 and 2 analysts to develop their skills and analytical capabilities.
• Proactively hunt for threats and enact identification, containment, and eradication measures while supporting recovery efforts.
• Serve as the point person for coordination with appropriate parties during a security incident: client, management, legal, security, operations, etc.
• Create thorough reports and documentation of all incidents and procedures, presenting findings to the team and leadership on a routine basis.
• Incident response: remote remediation when possible, working with onsite teams when necessary.
• Detailed documentation of events and remediation steps taken.
• Root cause analysis: initiate and follow through to ensure quality forensic materials are captured, and write reports with details and timelines of events and recommendations to avoid future occurrences.
• Assist in the general maintenance and improvement of procedures, processes, and playbooks.
• Conduct research on the latest methods, tools, and trends in digital forensics analysis.
• Analyze logs, previous alerts, and similar data to identify trends and prevent potential incidents.
• Follow standard operating procedures (SOPs) to ensure tickets are triaged appropriately and in a timely manner, according to SLAs.
• Excel at documentation and detailed note-taking, including SOP writing, incident reporting, e-mail and instant messaging etiquette, and, most importantly, documenting incident actions in tickets.
• This role is responsible for completing incident reports and forensic reports when appropriate, so competent writing skills are necessary.
• Know when to escalate a potential issue to peers and/or leadership.
• Desire to learn new concepts and technologies in order to grow and take on more responsibility over time.
• Ability to communicate risk, prioritize incident response actions, and keep a cool head under pressure.
• Advanced experience with security tools such as Splunk, CrowdStrike EDR, Carbon Black EDR, Proofpoint tools, Microsoft Defender components, Cyberhaven DLP, Axiom Cyber and open-source forensic tools, Cylance Protect, Office 365 tools, PowerShell, and various network tools.
• Understand the stages of incident response, the critical factors of an investigation, and how to contain an incident as soon as possible.
• Experience with the incident response lifecycle, the Lockheed Martin Cyber Kill Chain, the MITRE framework, and the forensic workflows outlined by NIST.
• Work with development teams to ensure they are using best practices and company processes in their daily activities.
• Drive self-organization; help determine how the team functions in collaboration with your peers.
• Build strong relationships with cross-functional team members across the three tiers of the CSOC.
• Participate in the off-hours on-call incident handler rotation, which is a requirement for this role, as incidents may be escalated outside normal business hours by our 24/7/365 Tier 2 team. Tier 3 teammates rotate on-call responsibilities, which requires each teammate to be formally on-call roughly one week a month.

Requirements:
• Bachelor's degree or higher in cyber security, computer science, or a related field.
• 6-10 years of cyber security experience, including at least five years in an incident response role.
• Completion of the GIAC Certified Incident Handler (GCIH), GIAC Security Operations Certified (GSOC), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), or equivalent.
• Experience with endpoint detection and response (EDR) solutions, including a fundamental understanding of memory processes and memory management practices for Windows, macOS, and Linux systems.
• Information security familiarity and training, including incident response, computer forensics (host- and network-based), malware analysis, risk assessment, vulnerability testing, penetration testing, and insider threat investigations.
• Experience participating in penetration tests, purple team exercises, and threat hunts, including remediation.
• Experience with distributed systems and cloud-based architecture, including Amazon AWS, Microsoft Azure, and the native security tools available in these environments (Data Explorer, GuardDuty, Log Analytics, etc.).
• Experience with detection engineering for endpoint detection and response (EDR) solutions, Security Information and Event Management (SIEM) solutions such as Splunk and
