The Role:
The SOC Analyst - Level 1 is an intermediate-level position responsible for leading efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy. The SOC Analyst - Level 1 is part of the SOC Team. The team monitors, analyzes and responds to cyber threats on a 24x7 basis.
Responsibilities
- Identify significant IS threats and vulnerabilities
- Follow pre-defined actions to handle BAU and high-severity issues, including escalating to other support groups
- Execute daily ad-hoc tasks or lead small projects as needed
- Create and maintain operational reports for Key Performance Indicators and weekly and monthly metrics
- Perform assessments and provide troubleshooting to help isolate technical issues based on a dynamic threat landscape
- Participate in ad-hoc conference calls as needed to manage quality assurance and documentation related tasks
- Identify areas for tuning use cases to enhance monitoring value
- Engage with Fraud Policy, Operations, Strategy and other teams for early detection, prevention and mitigation of detected fraudulent activities
- Function as part of the Security Incident Response Team with incident investigations and aid in technical risk assessments
- Coordinate with system development and infrastructure units to identify Information Security (IS) risks and the appropriate controls for development, day-to-day operation, and emerging technologies
- Monitor vulnerability assessments and ethical hacks, ensuring that issues are addressed for the applications that they support
- Identify and develop new and improved technical procedures and process control manuals
Qualifications
- 3+ years' hands-on experience working in a SOC environment as it relates to the technologies and functions provided below
- Experience with SIEM tools like LogRhythm, ArcSight, SumoLogic, Splunk, etc.
- Experience with EDR tools like SentinelOne, CrowdStrike, Microsoft Defender for Endpoint, etc.
- Experience working with Email Threat Protection tools such as Proofpoint, Ironscales, Darktrace, etc.
- Experience with Sandbox analysis tools (e.g., Datadog or comparable tools)
- Experience with PCAP analysis tools to determine malicious traffic
- Deep understanding of Intrusion Detection analysis (TCP/IP, packet level analysis) and Application Layer Protocols (HTTP)
- Advanced understanding of various operating systems (Windows/UNIX), and web technologies focused on Internet security
- Knowledge of current Cyber Fraud trends including common Account Takeover techniques and banking malware
- Knowledge of cutting-edge threats and technologies affecting Web Applications
- Knowledge of how Content Delivery Networks (CDNs) work is a plus
- Understanding of or exposure to vulnerability assessment, penetration testing, or forensic analysis is a big plus
- Consistently demonstrates clear and concise written and verbal communication
- Proven influencing and relationship management skills
- Proven analytical skills
Education
- Bachelor’s degree/University degree or equivalent experience
- Certifications from EC-Council, GIAC, (ISC)² are preferred (e.g., CISSP, GCIA, CCNA)
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Job Family: Information Security
Employment Type: Full time
Location: Irving, Texas, United States
Salary Range: $96,400.00 - $144,600.00
Anticipated Posting Close Date:
Sep 20, 2024