SOC Analyst:

"Role Responsibilities:(what they will be doing)" "The Cyber Threat Analyst, or SOC Analyst, is a triage specialist within the Security Operations Center within the larger Cyber Fusion Center (CFC) org. These analysts are responsible for working alerts in a diligent manner to assess them for signs of malicious or highly anomalous behavior. Aided by automation, alerts will need to be escalated as appropriately to more advanced analysts, leads, responders, and cyber managers.This role with have an emphasis on cloud, particularly AWS and Azure. The Senior SOC Analyst is is an mid-level SOC role within the 24/7 Cyber Fusion Center (CFC) organization. The role is responsible for monitoring, triaging, and escalating security events properly in any technology environment. This role will specifically support standard checks every 30 minutes to 1 hour looking for anomalies across various tools, including applications, network traffic, data sources, etc.This role will evaluate data collected from a variety of cyber operations tools (e.g., SIEM, IDS alerts, firewalls, network traffic logs, cloud platforms, and SOAR solutions) to analyze events that occur within their environments for the purposes of mitigating threats in both structured and unstructured situations. Individuals in this role are proactive and well-versed in log, identity, cloud, network, and root cause analysis.• Characterize and analyze alerts to understand potential threats.• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.• Document and escalate incidents that may cause ongoing and immediate impact to the environment.• Provide daily summary reports of events and activity relevant to cyber operations.• Perform cyber Operations trend analysis and reporting.• Perform thorough and high-quality triage and analysis for all alerts.• Demonstrate strong communication skills both written and verbal.• Actively engage in team chats, calls, and face to face settings.• Constantly contribute to SOC runbooks.• Recommend improvements to automations, alert fidelity, and security controls. ""Must Have Sklls/Prior Experiences:(Vendor should not submit any candidate that does not have these skills/prior experience.)" "• The Cyber Threat Analyst, or SOC Analyst, must have skills in email, log, and network analysis.• Knowledge of common IT and security concepts with emphasis on TCP/IP network security, operating system security, modern attack and exploitation techniques is important.• Experience conducting analysis in AWS and Azure environments. ""Plus/Nice to Have Sklls/Prior Experiences:(Hiring Manager DOES NOT require these skills/ prior experience. However candidates with any of these will be looked at first.)" "• Certifications like the: Security+, Network+, CySA+, any cloud certifications, etc.• Ability to solve problems by applying best practices. Demonstrated proficiency utilizing security platforms related to logging, event correlation, incident management, and vulnerability management.• Demonstrated teamwork and collaboration skills.• Strong time management skills and ability to manage competing priorities effectively.• Highly effective verbal and written communication skills for the purpose of providing extensive information about event timelines, technical designs, system concepts and business impact to audiences at all levels within the organization.• Highly effective verbal and written communication skills for the purpose of providing extensive information about event timelines, technical designs, system concepts and business impact to audiences at all levels within the organization.• Support a variety of tasks in support of the larger Cybersecurity Mission• Demonstrate the ability to work as a self-starter and acquire new skills quickly• Exemplify the characteristics of a great team player and overall positive mindset• Ability to support an on-call and regular shift within a 24/7 operations environment.• Ability to obtain requisite technical certification(s) within six months of hire.• Knowledge of cloud fundamentals• Knowledge of general information technology (IT) and cybersecurity• Knowledge of computer networking concepts and protocols, and network security methodologies.• Knowledge of network traffic analysis and packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).• Knowledge of operating systems, including Windows/Unix ports and services.• Knowledge of basic identity and access management concepts• Knowledge of phishing tactics and techniques• Knowledge of cyber threats and vulnerabilities.• Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).• Knowledge of incident response and handling methodologies.• Knowledge of countermeasures to address a variety of threats• Knowledge of basic automation, ML, and/or AI possibilities. "EEO EmployerApex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at employeeservices@apexsystems.com or 844-463-6178.