SOC Security Analyst L3
The role involves defending our global customers from constant threats in the fight against adversaries. As a Senior analyst, you will be part of a fast-paced team that helps spot, defend, and remediate adversary activity to reduce the impact and dwell time of security incidents.
Key Responsibilities:
* Monitor and analyze security events and alerts from multiple sources, including SIEM logs, endpoint logs, and EDR telemetry.
* Research indicators and activities to determine reputation and suspicious attributes.
* Perform analysis of malware, attacker network infrastructure, and forensic artifacts.
* Execute complex investigations and handle incident declaration.
* Perform live response analysis of compromised endpoints.
* Hunt for suspicious activity based on anomalous activity and curated intelligence.
* Participate in the response, investigation, and resolution of security incidents.
* Provide incident investigation, handling, response, and incident documentation.
* Engage and assist the BlueVoyant Incident Response teams for active intrusions.
* Ensure events are properly identified, analyzed, and escalated to incidents.
* Assist in the advancement of security policies, procedures, and automation.
* Serve as the technical escalation point and mentor for lower-level analysts.
* Regularly communicate with clients to inform them of incidents and aid in remediation.
* Identification and tuning of false-positive or benign detections.
* Perform peer review and QA of junior analyst investigations.
* Support Customer Success team with client engagements when required.
People Skills:
* Ability to handle high pressure situations in a productive and professional manner.
* Ability to work directly with customers to understand requirements for and feedback on security services.
* Advanced written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language.
* Strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team.
* Able and willing to work in a 24/7/365 environment, including nights and weekends, on a rotating shift schedule.
Technical Skills:
* Knowledge and experience with SIEM solutions, Cloud App Security tools, and EDR.
* Advanced knowledge and understanding of network protocols and network telemetry.
* Forensic artifact and analysis knowledge of Windows and Unix systems.
* Expertise in Endpoint, Web, and Authentication log analysis.
* Experience with SIEM/EDR detection creation.
* Experience in responding to modern authentication attacks against AD, Entra, OATH, etc.
* Expert knowledge of common attack paths, including LOLbin use, common adversary tools, business email compromises, AiTM attacks, including identification and response.