
KLA Cybersecurity Analyst - Threat Detection Hybrid 
United States, Michigan, Ann Arbor 
723711141

27.03.2025

The SOC Analyst is responsible for advanced incident response, threat hunting, and maintaining the security tools that are used to secure our environment. This individual will have a specific focus on Incident Response, tuning detection rule-sets, and generating and responding to tickets across relevant IT and Cybersecurity teams.

Essential Duties and Responsibilities:

  • Act as an active member of the team that monitors and processes responses to security events on a 24x7 basis, including serving in a rotational on-call capacity

  • Perform IDS monitoring and analysis, analyze network traffic and logs, and prioritize and differentiate between potential intrusion attempts and false alarms

  • Proactively monitor SIEM, EDR, and network-based alerts, and respond to active threats to internal networks

  • Actively perform detection, monitoring, analysis, and resolution of security incidents

  • Plan and implement regular incident response and postmortem exercises, with a focus on crafting measurable benchmarks to show progress (or deficiencies requiring additional attention)

  • Review and analyze cyber threats and provide SME support and training to junior-level security analysts

  • Transform threat intelligence into effective detection logic and new signatures for integration with SIEM and EDR platforms

  • Evaluate existing detection rules and facilitate the development and tuning of AV, EDR, and SIEM rules to ensure high-fidelity alerting

  • Communicate with management as required, keeping leaders informed of incident progress and notifying them of impending changes or agreed outages

  • Prioritize your own work to provide a positive customer experience

  • Must maintain awareness of trends in security regulatory, technology, and operational requirements

Additional Duties and Responsibilities:

  • Some domestic and/or international travel (up to 25%) may be required

  • Ability to communicate clearly with other team members in a hybrid environment

  • Generate reports from different data sources and present to management when requested

Minimum Qualifications:

  • Bachelor's Degree in Computer Science, Cybersecurity, or a related field is required

  • Minimum five (5) years of related experience in Cybersecurity with a large, global organization

  • Minimum three (3) years of experience working in or with a Security Operations Center (SOC) in an Incident Responder role

  • Strong working knowledge of technologies such as firewalls, AV, EDR, IPS, IDS, and SIEM systems

  • Strong working knowledge of common security appliances, including EDR, SIEM, AV, scanners, proxies, WAF, NetFlow, IDS, and forensics tools

  • Proficiency in Operating Systems (Windows and Linux)

  • Ability to multitask, adapt to changes quickly, and handle heavy ticket volumes

  • Technical awareness: ability to match resources to technical issues appropriately
