Careers with CyberMaxx

CyberMaxx is looking to add top talent to our growing team. If you’re looking for a great place to build a career with fantastic growth opportunities, apply today!

Security Operations Center (SOC) Analyst

POSITION SUMMARY 

CyberMaxx is looking to add a Security Operations Center (SOC) Analyst to its top-tier team. The SOC Analyst works as part of a 24/7 operational team to perform first-level analysis and triage on incoming network, EDR, and SIEM alerts. The position works closely with the SOC Manager and shift leaders to prevent, detect, and respond to cyberattacks. This position joins a team that supports operations in all US time zones and offices in both the Philippines and Ireland. As a result, candidates who reside in the Central Time Zone are preferred.

PRIMARY DUTIES | RESPONSIBILITIES 

The SOC Team includes Analysts from junior to senior level. As such, the background and experience of qualified candidates will determine the level of the position and shape its specific responsibilities. The list of primary duties below encompasses those found in a level 1-3 structure.

SOC Analyst - Level 1

  • Classify and prioritize incidents based on established criteria.
  • Collect and analyze raw events and alerts, constructing timelines surrounding adversarial activities.
  • Provide feedback on alerts and events to improve detection capabilities.
  • Facilitate communications, such as email and SOC operations related phone calls.
  • Regularly track work in a ticketing/tracking system, ensuring thoroughness for knowledge base use and customer consumption.
  • Assist in the documentation of incident investigation and response procedures.
  • Participate in periodic internal incident response drills and simulations to ensure the SOC team's preparedness for complex incidents.
  • Follow playbooks to respond to various cybersecurity events.
  • Communicate with customers via phone and email to advise them of issues and answer questions.
  • Work with other SOC team members to investigate cybersecurity events, escalating issues to more senior team members as needed.
  • Work in a 24x7 shift rotation to perform SOC monitoring duties.

SOC Analyst - Level 2

  • Coordinate and manage incident investigations, including basic forensics activities if needed.
  • Conduct after-action reviews on high-impact and noteworthy incidents, identifying process and human capital improvements.
  • Act as a primary subject matter expert for one or more security products.
  • Act as an escalation point for complicated or sensitive work, ensuring quality and documenting for knowledge sharing.
  • Act as a primary technical point of contact with customers.
  • Collaborate with Tier 1 analysts to train and develop their response and investigation skills where possible.
  • Participate in periodic client-facing incident response drills and simulations to ensure the SOC team's preparedness for complex incidents.

SOC Analyst - Level 3

  • Lead and oversee the investigation of the most complex and critical security incidents and breaches.
  • Conduct deep-dive analysis to gain insight into sophisticated attack techniques.
  • Coordinate and advise clients on escalated incident triage and response.
  • Review recently closed incidents for completeness, accuracy, and quality of work.
  • Monitor cases, incidents, etc. for opportunities to improve investigations, tune signatures, or enhance team expertise and advise the manager on findings for additional discussion.
  • Act as a primary subject matter expert for multiple security products as advised by your manager.
  • Provide regular training to peers in the SOC to enhance team skill and experience.
  • Act as a primary technical point of contact with customers.

QUALIFICATIONS | SKILLS

  • Analytical mindset and aptitude to learn quickly.
  • Customer service focus.
  • A solid foundational understanding of core cybersecurity and infrastructure technologies: TCP/IP networking, systems administration (Windows and/or Linux), e-mail, DNS, firewalls, etc.
  • Must be reliable, punctual, and willing to work in a 24/7 operations center (shift work required).
  • BS degree in Engineering, Mathematics, Computer Science, Information Security, or Information Systems preferred.
  • Experience with deploying, maintaining, or using one or more of the following security solutions: SIEM, SOAR, Network IDS/IPS, Host IDS/IPS, Network Firewall, Host Firewall, Web Application Firewall, EDR, AV, DLP, Identity & Access Management, Web Proxy, Email Security.
  • One or more security-related certifications from any of the following organizations: GIAC, ISC(2), CompTIA, EC-Council, Offensive Security, PMI, Cisco, Microsoft, Apple, Amazon.
  • Bachelor of Information Technology, Computer Science, Computer Engineering, Cybersecurity, Communications, Business or other related fields of study.
  • Demonstrates a personal interest in cybersecurity outside work hours.
  • Programming/Scripting experience.
  • Experience in an MSSP environment or performing similar duties.
  • Experienced in reviewing event logs.
  • Experience writing security product signatures, alerts, etc.

HIGHLIGHT OF CYBERMAXX'S BENEFITS | PERKS 

  • Medical, dental, and vision coverage
  • 401(k) with company match
  • Unlimited PTO
  • Fully Remote Office
  • Performance-based bonus opportunities
  • Cell Phone/Internet Reimbursement

We are a company that cares deeply for its employees, and we understand that all of us have lives outside of work. We encourage a balanced life, and we’ll do everything we can to ensure you find us to be a welcoming, inclusive company. We encourage people of all backgrounds and identities to apply. 

ABOUT CYBERMAXX 

CyberMaxx provides operational cybersecurity solutions that protect large healthcare, financial services and other security-sensitive organizations' technology assets. We prevent, detect, and respond to cyber-attacks through 24/7/365 managed security services so our clients can spend their time, talent, and budget on running their business without worry of being in the headlines.

With more than 20 years of experience, we have been consistently rated as one of the top Managed Detection and Response (MDR) service providers in the US.

CyberMaxx is a great place to work, and we have the awards and people to prove it!


Want to join the CyberMaxx team?

Let's connect!