Senior Technical Analyst
Senior Technical Analyst
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Company Overview
Incedo is a US-based consulting data science and technology services firm with over 3000 people helping clients
from our six offices across US Mexico and India. We help our clients achieve competitive advantage through
end-to-end digital transformation. Our uniqueness lies in bringing together strong engineering data science and
design capabilities coupled with deep domain understanding. We combine services and products to maximize
business impact for our clients in telecom Banking Wealth Management product engineering and life science
& healthcare industries.
Working at Incedo will provide you an opportunity to work with industry leading client organizations deep
technology and domain experts and global teams. Incedo University our learning platform provides ample
learning opportunities starting with a structured onboarding program and carrying throughout various stages of
your career. A variety of fun activities is also an integral part of our friendly work environment. Our flexible
career paths allow you to grow into a program manager a technical architect or a domain expert based on your
skills and interests.
Our Mission is to enable our clients to maximize business impact from technology by
- Harnessing the transformational impact of emerging technologies
- Bridging the gap between business and technology
Role Description
Position Description:
Incedo is seeking a SOC Analyst (L3/Tier 3/Threat Hunter) to join our rapidly growing cybersecurity team!
Role and responsibilities:
Participate in a rotating SOC on-call; rotation is based on the number of team members.
Provide first-line SOC support with timely triage routing and analysis of SOC tasks.
Researches develops and monitors custom visualizations.
Researches analyzes and writes documents such as cybersecurity briefings for all levels of stakeholders from Tier 1-3 SOC security engineering and executives.
Tunes and develops SIEM correlation logic for threat detection.
Ensures documentation is accurate and complete meets editorial and government specifications and adheres to standards for quality graphics coverage format and style.
Develop scripts using Python to automate IR functions including (but not limited to) IOC ingestion and SIEM integration via REST APIs to minimize repetition of duties and automate tasks.
Produce and review aggregated performance metrics.
Perform Cyber Threat Assessment and Remediation Analysis
Processing organizing and analyzing incident indicators retrieved from the client environment and correlating said indicators to various intelligence data.
Assisting in the coordination with internal teams as well as in the creation of engagement deliverables for a multitude of activities including but not limited to Insider Threats Rule of Engagement (ROE) Threat Hunting After Action Reports and other artifacts to support testing monitoring and protecting the enterprise.
Investigate network and host detection and monitoring systems to advise engagement and Execute bash and python scripts to process discrete log files and extract specific incident indicators; develop tools to aid in Tier 1 and Tier 2 functions.
Participate in on-call rotation for after-hours security and/or engineering issues.
Participate in the increase of effectiveness and efficiency of the SOC through improvements to each function as well as coordination and communication between support and business functions.
Think critically and creatively while analyzing security events network traffic and logs to engineer new detection methods.
Work directly with Security and SOC leadership on cyber threat intelligence reports to convert intelligence into useful detection.
Technical Skills
Required Experience / Skills:
Minimum of nine (9) years technical experience
7 years of experience in SOC security operations cyber technical analysis threat hunting and threat attribution assessment with increasing responsibilities.
3 years of rule development and tuning experience
1 years of Incident response
Deep understanding of Cyber Threat TTPs Threat Hunt and the application of the MITRE Attack Framework
Knowledge of security operations and attacker tactics
Ability to identify cyber-attacks and develop monitoring logic
Experience supporting 24x7x365 SOC operations including but not limited to Alert and notification activities- analysis/triage/response Review and action on Threat Intel for IOCs and other operationally impactful information initial review and triage of reported alerts and Incidents.
Support alert and notification triage review/analysis through resolution / close
Manage multiple tickets/alerts in parallel including end-user coordination.
Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response.
Solid understanding and experience analyzing security events generated from security tools and devices not limited to QRadar MS Sentinel FireEye Elastic SourceFire Malware Bytes CarbonBlack/Bit9 Splunk Prisma Cloud/Compute Cisco IronPort BlueCoat
Experience and solid understanding of Malware analysis
Demonstrated proficiencies with one or more toolsets such as QRadar MS Sentinel Bit9/CarbonBlack Endgame FireEye HX / CM / ETP Elastic Kibana
Experience and ability to use contribute develop and follow Standard Operating Procedures (SOPs)
Nice-to-have skills
- In-depth experience with processing and triage of Security Alerts from multiple sources but not limited to: Endpoint security tools SIEM email security solutions CISA Threat Intel Sources
Experience with scripting languages applied to SOC operations; for example automating investigations with tools automating IOC reviews support SOAR development.
Experience with bash python and Windows PowerShell scripting
Demonstrated experience with triage and resolution of SOC tasks including but not limited to vulnerability announcements phishing email review Tier 1 IR support SIEM/Security Tools - alert analysis.
Demonstrated experience and understanding of event timeline analysis and correlation of events between logs sources.
Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows) Network Security Devices and other enterprise tools.
Demonstrated proficiencies with an enterprise SIEM or security analytics solution including the Elastic Stack or Splunk.
Solid understanding and experience analyzing security events generated from security tools and devices not limited to: QRadar MS Sentinel Carbon Black FireEye Palo Alto Cylance and OSSEC
Experience and solid understanding of Malware analysis
Understanding of security incident response processes
Qualifications
Qualifications:
- Bachelors degree in computer science Information Technology or a related field.
- Experience of 5 years or 3 years relevant experience.
- Strong troubleshooting and problem-solving skills.
- Excellent communication and interpersonal skills.
- Ability to work independently and as part of a team.
- Strong organizational and time management skills.
- Willingness to work after hours and provide on-call support.
Company Value
We value diversity at Incedo. We do not discriminate based on race religion color national origin gender sexual orientation age marital status veteran status or disability status.
Required Experience:
Senior IC
Employment Type
Full Time
