SOC Analyst - Level 1

POSITION SUMMARY: 

The SOC Analyst (Level 1) will use a variety of tools to investigate incidents and take immediate action or recommend a course of action to safeguard Aspire’s Managed Services Clients. The SOC Analyst (Level 1) is responsible for monitoring and responding to security related alerts triggered in the SIEM tool within Aspire Technology Partners’ Managed Service Clients. Primary responsibilities include incident triage, correlation of data from firewall, endpoint security, SASE and IPS logs; determining if a critical system or data set has been impacted; provides recommendations on remediation; and provides support for new analytic methods for detecting threats.

ESSENTIAL DUTIES AND RESPONSIBILITIES- MAY INCLUDE THE FOLLOWING: OTHER DUTIES MAY BE ASSIGNED. 

• Ensure that all SOC (Security Operations Center) tickets are handled and resolved within SLAs (Service Level Agreements).
• Perform detailed analysis of threats and security events, using sound analytical skills, knowledge, and experience, with a clear narrative to support conclusions. 
• Maintain records of security events investigated, detailed notes of security incident resolution, and incident response activities, utilizing ticketing systems.
• Make situational incident response recommendations based on best practice security policies that address the client’s business need.
• Research and stay up to date with current security vulnerabilities, attacks, threat actors, security advisories and the MITRE Attack Framework. 
• Manage, maintain, and monitor security alerting systems from remote communications sites to ensure company compliance.
• Create and run search queries in SIEM tool to help with identifying and troubleshooting security issues.
• Utilize tools (e.g., Wireshark, Nmap, PCap, etc.) to identify and map devices on the network.
• Open, track and close trouble tickets. 
• Answer incoming hot line calls and monitor various e-mail accounts and act according to SOC procedures and processes.
• Interface with client through email, phone calls, and meetings or Aspire field personnel to mitigate security incidents.
• Assist with the preparation of SOC reports, research papers, and blog posts.
• Investigate and provide technical analysis of various security incidents and possible compromise of systems.

· Works as Tier I support and will work directly with Tier II and TIER III and NOC Engineers for issue resolution.

• Provide direct communication to affected users and companies on security incidents and maintenance activities.
• Maintain customer technical information within defined documentation standards.
• Obtain/maintain technical/professional certifications applicable to position or as directed.
• Communicate with customers, peers, team, and managers regarding incident and change management.
• Provide emergency on-call support on a rotating schedule.
• Perform other duties as assigned.

Minimum Education and Experience:

• Associates / bachelor’s or equivalent
• 1+ year of professional work experience in cyber security field[GU1] 
• 1+ year of experience with Security Event / Alert Management, Incident Response, and Change Management Processes
• 1+ year of experience handling security events related to Malware Detection and Analysis, Indicators of Compromise (IOC), Email Phishing, Endpoint Detection and Response (EDR) 
• Knowledge of Runbooks, Playbooks and following Standard Operating Procedures

Preferred Education and Experience: 

• Bachelor’s Degree preferred.
• Possession of an Industry Certification (Security+, CySA+, Cisco Cyber-Ops Associate, NSE4, or similar)
• 1+ years of experience in Security Management. SIEM and Log Management (Splunk, OSSIM, FortiSIEM, LogRhythm, etc.)
• Experience with Firewalls (Palo Alto Networks, Cisco Firepower Manager)
• Experience with Endpoint Security (Cisco Secure Endpoint, CrowdStrike Falcon, Carbon Black, Microsoft Advanced Threat Protection) 
• Experience with Network Traffic Analytics (Cisco Stealthwatch Cloud, Darktrace)
• Experience with DNS Security (Cisco Umbrella, Forcepoint) 
• 2+years of experience with Ticket Management Tools (e.g., ConnectWise,        ServiceNow)

OTHER SKILLS and ABILITIES:

• Excellent Interpersonal Skills (develop and maintain strong working relationships)
• Displays ownership of tasks[GU2] 
• Detailed oriented with strong written and verbal communication skills.
• Ability to prioritize tasks.
• Strong organizational skills
• Occasional overtime, afterhours work, or weekend availability may be required.
• Basic telephone operation skills
• Excellent customer service skills
• Familiarity with ITIL Processes
• Proficiency in Microsoft Office programs and ability to learn specialized system tools
• Ability to multi-task in a fast-paced environment