The Tier 1 SOC Analyst supports a 24x7x365 Security Operations Center, monitors security tools, and assesses threats and risks involving client infrastructure. This position provides first-tier response to security incidents for managed services customers. The Tier 1 SOC Analyst also provides firewall change management and change control services. The role follows standard operating procedures for detecting, classifying, and reporting incidents under the supervision of the SOC Manager and in partnership with Tier 2 SOC Analysts. This position requires shift work.
An experienced Tier 1 SOC Analyst will have the ability to use commercial and open-source tools to quickly analyze, detect, and respond to cyber security incidents. Candidates must be able to learn new concepts and development methodologies quickly and to work with other teams on time-sensitive incidents.
Reports to (Supervisor/Manager):
Works under the supervision of the Manager, Security Operations Center.
Essential Duties and Responsibilities:
Works with other SOC team members to:
- Provide dedicated monitoring and analysis of cyber security events (triage).
- Handle and escalate Events of Interest (EOI).
- Process incident communications, including initial reporting, follow-ups, requests for information, and resolution activity.
- Analyze security threats for managed services customer networks.
- Process change requests for managed firewall / unified threat management (UTM) customers.
- Provide remote support to customers for incident response.
- Monitor Denial of Service (DoS) systems for alerts and support the related incident response.
- Participate in budgetary discussions relative to compute and storage infrastructure.
- Remain engaged with technical forums and user groups.
- Evaluate applicability, test, and certify new products.
- Other relevant tasks as directed by department leadership.
Desired Minimum Qualifications:
Education and Experience:
- Graduation from an accredited four‑year college or university in a technical / engineering discipline;
- Two (2) years of experience in cyber security and/or information technology (IT) security;
- One to two (1-2) years of experience in a SOC environment, including security engineering and monitoring experience, is required.
- Experience analyzing security logs generated by Intrusion Detection/Prevention Systems (IDS/IPS) is required.
- Experience performing security analysis using Security Information and Event Management (SIEM) technologies is required.
- Experience performing analysis using IDS consoles is required.
- Experience with Linux is preferred.
- LogRhythm experience is highly desirable.
- Any equivalent combination of education and experience will be considered.
Necessary Knowledge, Skills, and Abilities:
- Excellent verbal and written communication skills required.
- Experience in troubleshooting in a technical environment.
- Excellent analytical and problem-solving skills.
- Software and hardware knowledge of computing, storage, networking, and peripheral devices.
- Proficiency with case management and ticketing systems.
- Superior customer service skills.
- Phone and remote support experience, including the knowledge and ability to resolve issues, is required.
- An understanding of basic programming (Python, for example) and the ability to read hexadecimal is preferred.
- Strong understanding of layer 2/3 networking and associated protocols.
- Desirable certifications include Security+, CEH, GCIA, CISSP, or similar.
- Active security clearance is a plus but not required.
- Ability to obtain Public Trust clearance.
This position may require occasional travel for training and meetings, projected at less than 5%.
Tools and Equipment Used:
Personal computer, including word-processing, database, and spreadsheet programs; calculator, telephone, copy and fax machine, Microsoft Office and Visio applications; and specialized security tools such as LogRhythm and Arbor Networks Peakflow.
Physical Demands:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Percentage of time sitting at desk, typing on keyboard, viewing computer monitor: 70% – 80%.
- While performing the duties of this job, the employee is frequently required to sit and talk or hear. The employee is occasionally required to walk; use hands to finger, handle, or feel objects, tools, or controls; and reach with hands and arms.
- The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision and the ability to adjust focus.
Work Environment:
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Formal application, rating of education and experience, oral interviews, and reference check; job-related tests may be required.
The duties listed above are intended only as illustrations of the various types of work that may be performed. The omission of specific statements of duties does not exclude them from the position if the work is similar, related, or a logical assignment to the position.
The job description does not constitute an employment agreement between the employer and employee and is subject to change by the employer as the needs of the employer and requirements of the job change.