Security Operation Center (SOC)

Position Purpose and Description

This position exists to detect and respond to security incidents, breaches, indicators of compromise, etc., in regard to data, networks, devices, cloud platforms, and business systems across the organization.

The primary role of the Security Operation Center (SOC) Analyst is to monitor the organization’s IT infrastructures for security threats and safeguard of the company's digital assets, by proactive threat hunting, detection engineering, etc.

The SOC Analyst will also assist during an incident response to ensure all in scope assets which have been, or currently are in the process of being attacked and/or compromised are properly protected.

Expected Outcomes & Actions – Weighting

THREAT PREVENTION (60%)

• Conduct a preliminary analysis of suspicious files and network traffic to identify malware and determine its capabilities and potential impact.
• Proactive threat hunting to determine if there are ongoing attacks, indicators of compromise, insider threats, etc. that might have evaded automated detection across the organization and flag any missing alerts and/or triggers to Security Analyst.
• Monitor network traffic to detect and respond to threats immediately as they occur.
• Engage in malware analysis, reverse engineering of binary/executable files, etc. using the required tools and techniques.
• Research the organization's network structures, computer systems, etc. and flag any gaps in visibility.
• Actively tracking possible supply-chain attacks and security alerts feeds.

THREAT OPERATIONS (20%)

• Provide effective detection engineering (configuration and testing of alerts, SIEM rules review, SOAR/Automated response, etc.)
• Support Red Team efforts when performing internal and external security pentesting to ensure we have visibility on these attacks.
• Support and participate in security simulations and Red Team exercises.
• Recognize and flag security flaws or errors.
• Keep updated on latest technologies, infrastructure changes, business system and platform changes, modifications to cloud platforms and organization’s implementations.

THREAT RESPONSE (20%)

• Participate in incident response meetings in collaboration with various teams (such as Legal, GTS, departmental leadership).
• Assist with computer and network forensics investigations when required.
• Provide effective and timely insider threat response and investigation.
• Assist with security incident response reports (for security incidents, threat hunting results, insider threat activities, etc.) including a timeline, root cause and findings.