Title: Security Operations Center Analyst
The Security Operations Center Analyst will support key operational and technical activities for protecting all IT Security applications/systems. This includes incident response, vulnerability management and working closely with the Cyber Fusion Center and other internal/3rd party companies providing operational support. This position ensures that the organization is maintaining the knowledge and processes to protect Vitech while adhering to changing industry and technology needs.
Roles and Responsibilities
- Assist in building a world-class security operations team for Vitech.
- Manage the scoping, containment, remediation, and reporting of incidents.
- Support the ongoing development of the SIEM environment and Use Case development.
- Support our Cyber Security Incident Response Team.
- Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations.
- Conduct host forensics, network and log analysis, and malware triage in support of incident response investigations.
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
- Effectively communicate investigative findings and strategy to stakeholders including technical staff, executive leadership, and legal counsel.
Qualifications
- 3 years' experience in security operations as a hands-on technical lead.
- Proficiency in Splunk: searching, alerting, dashboard creation, use case creation and logic tuning. Experience with ELK and SolarWinds Security Event Manager is desirable.
- Experience with using common EDR tools such as Carbon Black to investigate and remediate findings.
- Proficiency in investigating malicious behavior in AWS and on-premises environments.
- Proficiency in reviewing logs, determining threat actor TTPs, investigating incidents and implementing defensive strategies.
- Understanding of the cyber incident lifecycle and familiarity with MITRE ATT&CK®.
- Experience writing and managing IOCs and signatures in formats such as OpenIOC, YARA, and Snort.
- Demonstrated ability to make decisions on remediation and countermeasures for challenging information security threats.
- Expertise in analysis of TCP/IP network traffic and communication protocols.
- Experience with a scripting language such as Perl or Python in an incident handling environment.
- Experience conducting analysis of electronic media, packet captures, log data, and network devices in support of intrusion analysis or enterprise-level information security operations.
- Preferred certification: GIAC Incident Handler.
- Attention to detail and ability to recognize and resolve discrepancies.
- Strong written and verbal communication skills.
- Self-motivated, enthusiastic, and passionate about Information Security.
- Ability to multi-task and prioritize.