The Mid SOC Analyst is part of the Security Monitoring and Response team, which provides Department-wide 24x7 security and network system monitoring and incident handling. This includes monitoring, reporting, coordination and, where applicable, escalation of events, as well as tracking of Department incidents. The SOC Analyst is responsible for providing effective security monitoring and incident response through triage, investigation, communication, and reporting.
- Provides technical support in system architecture, system design, system integration and technical management
- Assists in providing technical input to the systems engineering process
- Leads teams in developing application and technical plans
- Guides customers in the installation and use of strategic products through education and guidance, first-rise and tuning assistance, problem solving and critical situation resolution
- At least 5 years of relevant experience
- B.A. or B.S. degree in Computer Science, Engineering or a related field, or equivalent experience. Five (5) years of directly related experience in a related field may be substituted for the Bachelor's degree requirement
- Perform all tasks required per shift including reporting, monitoring, and turnover
- Assess incident severity and escalate as needed
- Perform additional event/incident investigation and research as needed
- Utilize internal guidelines for effective call processing, escalation and client service
- Interact with network intrusion detection devices and other security systems via proprietary and commercial consoles, both local and remote
- Monitor and respond to alerts from network devices and work directly with vendors during circuit outages
- An understanding of a wide array of server grade applications to include Exchange, DNS, SMTP, IIS, Apache, SharePoint, Active Directory, and other
Preferred Technical Experience:
- Experience with Microsoft Windows, Linux, UNIX, TCP/IP, IP routing, Internet connectivity and protocols, VPNs, VLANs, NAT and security concepts
- Understanding of basic network services
- Experience with/Knowledge of Enterprise Security Information/Event Management (SIEM) systems, IDS devices, firewalls, and/or antivirus management
- Investigative and analytical problem solving skills
- Understanding of security threat and attack countermeasures
- Experience with/knowledge of a variety of Intrusion Detection/Prevention platforms
- Experience with VPN, SSL and other encryption methodologies/technologies a plus
Knowledge of/Experience with the following:
- Lancope (StealthWatch)
- Palo Alto Next Gen Firewalls
- FireEye MPS
- HP TippingPoint
- Must have strong written and verbal communication skills