About the Role
BlueVoyant is seeking a Senior Security Operations Center (SOC) Analyst to join our fast-paced team in defending global customers against adversaries.
Key Responsibilities
* Monitor and analyze security events and alerts from multiple sources, including SIEM logs, endpoint logs, and EDR telemetry.
* Research indicators and activities to determine reputation and suspicious attributes.
* Perform analysis of malware, attacker network infrastructure, and forensic artifacts.
* Execute complex investigations and handle incident declaration.
* Perform live response analysis of compromised endpoints.
* Hunt for suspicious activity based on anomalous activity and curated intelligence.
* Participate in the response, investigation, and resolution of security incidents.
* Provide incident investigation, handling, response, and incident documentation.
* Engage and assist the BlueVoyant Incident Response teams for active intrusions.
* Ensure events are properly identified, analyzed, and escalated to incidents.
* Assist in the advancement of security policies, procedures, and automation.
* Serve as the technical escalation point and mentor for lower-level analysts.
* Regularly communicate with clients to inform them of incidents and aid in remediation.
* Identify and tune false-positive or benign detections.
* Perform peer review and QA of junior analyst investigations.
* Support Customer Success team with client engagements when required.
Requirements
People Skills
* Ability to handle high-pressure situations in a productive and professional manner.
* Ability to work directly with customers to understand requirements for and feedback on security services.
* Advanced written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language.
* Strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team.
* Able and willing to work in a 24/7/365 environment, including nights and weekends, on a rotating shift schedule.
Tech Skills
* Knowledge and experience with SIEM solutions, Cloud App Security tools, and EDR.
* Advanced knowledge and understanding of network protocols and network telemetry.
* Forensic artifact and analysis knowledge of Windows and Unix systems.
* Expertise in Endpoint, Web, and Authentication log analysis.
* Experience with SIEM/EDR detection creation.
* Experience in responding to modern authentication attacks against AD, Entra, OATH, etc.
* Expert knowledge of common attack paths, including LOLBin use, common adversary tools, business email compromise, and AiTM attacks, and of how to identify and respond to them.
* Strong knowledge of the following:
o SIEM workflows (preferably Sentinel and Splunk).
o Modern authentication systems and attacks (SSO, OATH, Entra, etc.).
o Malware detection, including dynamic and light static analysis.
o Network Monitoring metadata (web logs, firewall logs, WAF/IDS).
o Email Security and common business email compromise attacks.
o Windows and Unix forensic artifacts (e.g., registry analysis, wtmp/btmp).
o Windows PE and Maldoc analysis.
o Remote access solutions (both legitimate and inherently malicious).
o Lateral movement methodologies and tools for Windows & Unix-based OSes.
o O365 attack paths, common attacker methodologies, and analysis.
o Network metadata analysis and knowledge of commonly abused protocols.
o Expert knowledge of credential harvesting tools and methodologies.
o Experience countering ransomware threat actors / operations preferred.
Preferred Qualifications
* Experience in intrusion analysis / incident response, digital forensics, penetration testing, or related areas.
* 5+ years of hands-on SOC/TOC/NOC experience.
* GIAC certification(s) strongly preferred. CISSP, Security+, Network+, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred.
* Familiarity with technologies such as Sentinel, Splunk, the Microsoft Defender suite, CrowdStrike Falcon, and SentinelOne.
* Familiarity with GPO, Landesk, or other IT Infrastructure tools.
* Understanding of and/or experience with one or more of the following programming languages: JavaScript, Python, Lua, Ruby, Go, Rust.
Education
* Minimum of a bachelor's degree in Information Security, Computer Science, or another IT-related field, or equivalent experience.