Security Operation Center Analyst 2
Location: Eatontown, NJ
The Security Operation Center (SOC) Analyst II is responsible for monitoring and responding to security related alerts triggered in the SIEM tool within Aspire Technology Partners’ Managed Service Clients. Primary responsibilities include correlation of data from various sources; determining if a critical system or data set has been impacted; provides recommendations on remediation; provides support for new analytic methods for detecting threats; and serve as an escalation point of contact for SOC interns and Analysts 1.
The SOC Analyst 2 will use a variety of tools to investigate incidents and take immediate action or recommend a course of action to safeguard Aspire’s Managed Services Clients. The Analyst 2 will document all incidents and create a clear narrative that supports their conclusions. The Analyst 2 will prioritize and differentiate between potential intrusion attempts and false alarms, create and track security investigations to resolution, compose security alert notifications and other communications and advise Analyst 2 in the steps to take to investigate and resolve computer security incidents.
ESSENTIAL DUTIES AND RESPONSIBILITIES- MAY INCLUDE THE FOLLOWING: OTHER DUTIES MAY BE ASSIGNED.
- Ensure that all SOC (Security Operations Center) tickets are handled and resolved within SLAs (Service Level Agreements)
- Stay up to date with current security vulnerabilities, attacks, and countermeasures
- Monitor security alarm activity from remote communications sites to ensure company compliance
- Create and run search queries in SIEM tools to help with identifying and troubleshooting security issues
- Utilize tools (e.g., Wireshark, Nmap, PCap, etc.) to identify and map devices on the network
- Open, track, and close trouble tickets
- Answer incoming calls and monitor various e-mail accounts and act according to SOC procedures and processes
- Interface with field personnel to mitigate security incidents
- Serve as a mentor to interns and level 1 SOC members
- Works closely with SOC Incident Responder
- Create and update playbooks based on trends analysis to triage and remediate security events
- Prepare SOC reports as required
- Investigate and provide deep technical analysis of various security incidents and possible compromise of systems
- Provide recommendations for responding to security incidents
- Work directly with other NOC members for issue resolution
- Provide direct communication to affected users and companies on security incidents and maintenance activities
- Maintain detailed notes within Operational Management systems on all security issue resolution activities
- Maintain customer technical information within defined documentation standards
- Obtain/maintain technical/professional certifications applicable to position or as directed
- Manage and maintain SOC monitoring and alerting systems
- Assess and identify appropriate solutions to be integrated into the systems operation and make recommendations for implementation and troubleshooting
- Communicate with customers, peers, team and managers regarding incident and change management
- Ability to support Aspire SOC as needed to support 24/7 coverage
- Provide emergency on-call support on a rotating schedule
- Perform other duties as assigned
Minimum Education and Experience:
- High School diploma
- 2-5 years of Security Analyst 1 experience and security experience
- Knowledge and understanding of event/alert management, incident and change management processes
- Experience working in a fast-paced Security Operations Center a plus
Preferred Education and Experience:
- Bachelor’s Degree preferred
- 2+ years of experience working in a NOC or SOC
- 5+ years of networking and/or security experience
- Experience in Security Management and SIEM (e.g., AlienVault)
- Experience in Network Management Tools (e.g., Vistara/OpsRamp)
- Experience with Ticket Management Tools (e.g., ConnectWise)
- Experience with EDR tools like Cisco AMP, CrowdStrike, or Carbon Black a plus
- Experience with Cisco Firepower, Umbrella, StealthWatch Cloud a plus
- Possession of Industry Certifications (Security+, CISSP, GCIH, ECIH, ITIL, etc.)
OTHER SKILLS and ABILITIES:
- Excellent Interpersonal Skills (develop and maintain strong working relationships)
- Strong work ethic
- Strong communication skills
- Ability to prioritize tasks.
- Strong organizational skills
- Occasional overtime may be required
- Basic telephone operation skills
- Excellent customer service skills
- Familiarity with ITIL Processes
- Proficiency in Microsoft Office programs and ability to learn specialized system tools
- Ability to multi-task in a fast-paced environment
- Detailed oriented with strong written and verbal communication skills
TRAVEL: (Limited to No Travel)
PHYSICAL DEMANDS: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to sit and talk or hear. The employee frequently is required to stand; walk; and use hands to finger, handle, or feel objects, tools, or controls. The employee is occasionally required to reach with hands and arms. The employee must occasionally lift and/or move up to 35 pounds. Specific vision abilities required by this job involve normal vision.
WORK ENVIRONMENT: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The noise level in the work environment is usually quiet to moderate.