Truist Principal SOC Analyst 

United States, Georgia, Atlanta 

391582947

Conduct cyber investigations for escalated and challenging computer security incidentsinto root cause.

Develop tactical and strategic cyber intelligence fromacquiredthreat intelligence and technical indicators from external and internal sources.

Participatein the creation and maintenance of use cases for recurring investigation/incident triggers in support of the 24/7 Cybersecurity Threat Operations and Cybersecurity Threat Management program.

Participate in the creation and maintenance of playbooks used in response for investigation/incident triggers in support of 24/7 Cybersecurity Threat Operations and Cybersecurity Threat Management program.

Interface with other teams in Information Security (e.g.network operations, Cyber Threat Operations Center (CTOC), vulnerability management) along with information and liability risk officers and technology management to help guide cyber security investigations and incidents.

Identifynew threat tactics, techniques and procedures used by cyber threat actors.

Proactively engage in threat hunting activities to proactively search for threats in the enterprise environment.

The role is shift-based with weekend days and on-call supportrequired.

Positionis located in Atlanta on-site expectations in our downtown Cyber Fusion Center (CFC).

Bachelor’s degree in Computer Scienceor related field or equivalent education and related training

Eight years of experience in Cybersecurity or related work

Broad knowledge of general IT with mastery of one or more of the following areas: operating systems, networking, computer programing, web development or database administration

Demonstrated advanced knowledge of cyber security operations with mastery of one or more of the following: attack surface management, Security Operations Center (SOC) operations, Intrusion Detection/Intrusion Prevention Systems (IDS/IPS), Security Information and Event Management (SIEM) use, threats (including Advanced Persistent Threat (APT), insider), vulnerabilities, and exploits; incident response,investigationsand remediation

Experience with systems for automated threat intelligence sharing using industry standard protocols, such as Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indication Information (TAXII) Advanced knowledge of processes,proceduresand methods to research, analyze anddisseminatethreat intelligence information

Ability to lead and persuade individuals and large teams on ideas,conceptsand opportunities

Experience working in cloud environments, namely Microsoft Azure

Working familiarity with programming best practices.

Industry certifications in general technology and security (e.g.Network+,Security+,CySA+, AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, etc.)

Industry certifications inincident responseandother related credentials

Industry certifications in networking, such as Cisco Certified Network Associate (CCNA), Certified Wireless Network Administrator (CWNA) and/or Net+ and experience in the Intelligence Community (IC)

Demonstratedtechnicalleadership experience