Security Operations Center Analyst

Harrisburg, PA - USA

Monthly Salary: $ 56320 - 67200

Posted on: 12 hours ago

Vacancies: 1 Vacancy

Job Summary

We are the leading provider of professional services to the middle market globally our purpose is to instill confidence in a world of change empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled culture and talent experience and our ability to be compelling to our clients. Youll find an environment that inspires and empowers you to thrive both personally and professionally. Theres no one like you and thats why theres nowhere like RSM.

In order to address the most critical needs of our clients RSM US LLP established the Cyber Risk and Data Protection group comprised of more than 170 professionals dedicated exclusively to serving the cybersecurity needs of our clients. This group includes experienced consultants located throughout the United States and Canada dedicated to helping clients with preventing detecting responding and recovering to security threats that may affect their critical systems and data. We serve a diverse client base within a variety of industries and we are relied upon to provide expertise across the full suite of security and privacy capabilities including managing the daily activities associated with our clients security operations.

We are seeking individuals with an interest in working in the field of cybersecurity and a desire to help organizations improve their operations to join our team and help run the ongoing security operations for RSM clients in a variety of industries and geographic candidates will have working knowledge in some or all of these areas IT operations security monitoring Active Directory Cloud technologies.

At RSM analysts work with large and small companies in variety of industries. They develop strong working relationships with their peers within the security operations center (SOC) while learning their clients businesses and challenges facing their organizations. Analysts work as part of a broader team under the direction of more senior analysts shift leads and SOC managers in support of multiple clients. Working in a mutually respectful team environment helps our analysts perform at their best and integrate their career with their personal life. You will have the opportunity to:

Investigate security incidents using SIEM tools automation and other cybersecurity technologies (i.e ServiceNow Stellar Cyber SentinelOne Microsoft Defender for Endpoint ELK Stack Virustotal Passive DNS)
Analyze escalate and assist in remediation of critical information security incidents
Improve and challenge existing processes and procedures in a very agile and fast-moving information security environment
Process IDS alerts and identifying incidents and events in customer data.
Setup and execution of vulnerability scans (Tenable/Nessus)
Read/interpret outputs from vulnerability scans
Perform initial analysis and investigation into alerts as they are seen
Performing initial basic malware analysis utilizing automated means (static and dynamic sandbox analysis or other available tools)
Incident intake ticket updates and reporting of cyber events and threat intelligence
Understanding identifying and researching indicators of compromise (IOCs) from a variety of sources such as threat intelligence reports and feeds
Writing incident reports process documentation and interact with customers if needed.
Transcribe and implement atomic indicators into a monitoring environment.
Consume policy documentation and determine applicability in a network.
Work with protocols at layers 2 and higher in the OSI model to include ARP TCP UDP ICMP DNS Telnet SSH HTTP SSL SNMP SMTP and other common protocols that use well-known ports.
Open to working shifts in a 24x7 operations environment

Basic qualifications for an associate-level position include:

Minimum A.S or A.A.S. degree or equivalent from an accredited university by the time employment commences or prior relevant military / law enforcement experience
Computer science information technology information systems management or other similar degrees preferably with a focus on information security

0-2 years experience working in a security operations center or networking operations center capacity
Must have a naturally curious mindset and approach to solving problems
Basic understanding of cloud technologies and operations
Experience supporting various operating systems such as Windows/Linux
Understanding of network protocols
Motivated self-starter with strong written and verbal communication skills
Strong analytical and troubleshooting skills.

Beneficial but not required qualifications for an associate-level position include:

Security incident and event management (SIEM/Data) tools such as Splunk LogRhythm Devo Elasticsearch etc.
Common cloud platforms Amazon Web Services (AWS) Microsoft Azure Google Cloud Platform
Security orchestration and automated response (SOAR) tools such as: Shuffle SOAR and other open source security tools etc.
Vulnerability tools such as: Kenna Tenable Qualys etc.
Threat intelligence tools such as Recorded Future and MISP
Endpoint/HIDS detection and response tools such as: CarbonBlack Crowdstrike Wazuh etc.
Cloud access service brokers such as Netskope ZScaler McAfee Forcepoint
Technical understanding of core current cybersecurity technologies and threats as well as emerging capabilities.
Hands-on cybersecurity experience within a Computer Incident Response organization.
Demonstrated understanding of the life cycle of cybersecurity threats attacks attack vectors and methods of exploitation with an understanding of intrusion set tactics techniques and procedures (TTPs).

At RSM we offer a competitive benefits and compensation package for all our offer flexibility in your schedule empowering you to balance lifes demands while also maintaining your ability to serve more about our total rewards at applicants will receive consideration for employment as RSM does not tolerate discrimination and/or harassment based on race; color; creed; sincerely held religious beliefs practices or observances; sex (including pregnancy or disabilities related to nursing); gender; sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past current or prospective service in the US uniformed service; US Military/Veteran status; pre-disposing genetic characteristics or any other characteristic protected under applicable federal state or local law.

Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/ is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application interview or otherwise participate in the recruiting process please call us at or send us an email at .

RSM does not intend to hire entry-level candidates who require sponsorship now or in the future. This includes individuals who will one dayrequest or require RSM to file or complete immigration-related forms or prepare letters on their behalf in order for them to obtain or continue their work authorization.

RSM will consider for employment qualified applicants with arrest or conviction records. For those living in California or applying to a position in California please click here for additional information.

At RSM an employees pay at any point in their career is intended to reflect their experiences performance and skills for their current role. The salary range (or starting rate for interns and associates) for this role represents numerous factors considered in the hiring decisions including but not limited to education skills work experience certifications location etc. As such pay for the successful candidate(s) could fall anywhere within the stated range.

Compensation Range: $56320 - $67200

Required Experience:

Investigate security incidents using SIEM tools automation and other cybersecurity technologies (i.e ServiceNow Stellar Cyber SentinelOne Microsoft Defender for Endpoint ELK Stack Virustotal Passive DNS)
Analyze escalate and assist in remediation of critical information security incidents
Improve and challenge existing processes and procedures in a very agile and fast-moving information security environment
Process IDS alerts and identifying incidents and events in customer data.
Setup and execution of vulnerability scans (Tenable/Nessus)
Read/interpret outputs from vulnerability scans
Perform initial analysis and investigation into alerts as they are seen
Performing initial basic malware analysis utilizing automated means (static and dynamic sandbox analysis or other available tools)
Incident intake ticket updates and reporting of cyber events and threat intelligence
Understanding identifying and researching indicators of compromise (IOCs) from a variety of sources such as threat intelligence reports and feeds
Writing incident reports process documentation and interact with customers if needed.
Transcribe and implement atomic indicators into a monitoring environment.
Consume policy documentation and determine applicability in a network.
Work with protocols at layers 2 and higher in the OSI model to include ARP TCP UDP ICMP DNS Telnet SSH HTTP SSL SNMP SMTP and other common protocols that use well-known ports.
Open to working shifts in a 24x7 operations environment

Basic qualifications for an associate-level position include:

Minimum A.S or A.A.S. degree or equivalent from an accredited university by the time employment commences or prior relevant military / law enforcement experience
Computer science information technology information systems management or other similar degrees preferably with a focus on information security

0-2 years experience working in a security operations center or networking operations center capacity
Must have a naturally curious mindset and approach to solving problems
Basic understanding of cloud technologies and operations
Experience supporting various operating systems such as Windows/Linux
Understanding of network protocols
Motivated self-starter with strong written and verbal communication skills
Strong analytical and troubleshooting skills.

Beneficial but not required qualifications for an associate-level position include:

Security incident and event management (SIEM/Data) tools such as Splunk LogRhythm Devo Elasticsearch etc.
Common cloud platforms Amazon Web Services (AWS) Microsoft Azure Google Cloud Platform
Security orchestration and automated response (SOAR) tools such as: Shuffle SOAR and other open source security tools etc.
Vulnerability tools such as: Kenna Tenable Qualys etc.
Threat intelligence tools such as Recorded Future and MISP
Endpoint/HIDS detection and response tools such as: CarbonBlack Crowdstrike Wazuh etc.
Cloud access service brokers such as Netskope ZScaler McAfee Forcepoint
Technical understanding of core current cybersecurity technologies and threats as well as emerging capabilities.
Hands-on cybersecurity experience within a Computer Incident Response organization.
Demonstrated understanding of the life cycle of cybersecurity threats attacks attack vectors and methods of exploitation with an understanding of intrusion set tactics techniques and procedures (TTPs).