Cyber Defense Labs is a full life-cycle information security service provider helping companies manage, detect and respond to today’s cyber risks. We provide trusted cyber risk management services to help companies reduce business risk before, during and after a cyber event.

Cyber SOC Analyst

Job Summary:

As a Cyber Defense Labs Cyber Security Analyst, your role on the team will include leveraging your knowledge of industry best practices, good judgment and problem-solving skills to execute security operations. Being on the front lines of defense, the Cyber Security Analyst is adept at making good decisions under pressure and able to quickly adapt to any security challenge. This individual also pays attention to detail and is disciplined in documenting process and procedures. The Cyber Security Analyst will also be responsible for all requests coming into the department making sure departmental SLAs are met. The Cyber Security Analyst’s motto is operational excellence, continual process improvement and customer service.

Primary Duties & Responsibilities

You will be working on all phases of the detection, investigation and resolution of cyber security events flagged by the various detection systems in use at CDL.

You will also work closely with other members of the Cyber SOC team to run investigations into the root cause of security events, escalating to the Technical Security, vulnerability and problem-management teams where necessary.

You will work with various internal and external Cyber SOC-related stakeholders to make sure that our customers security posture is always being strengthened as we work to continually improve security configurations, practices and processes.

Document Security process and procedures.

Support service request in-take process and communicate back to requestors promptly

Ancillary activities that you would be involved in may include providing security-related assistance to internal staff members, running and interpreting the results of vulnerability scans for Technical Security/CSIRT team and applying commonly used information security standards with respect to the systems being used in the Cyber SOC / CSIRT (e.g. ISO 27001, SOC2 and GPG 13).

Other duties and responsibilities as assigned

This position will sit in the 24/7 Cyber Defense Center and will involve shift work including day, evening and weekend roles.

Minimum Qualifications:

Passion and enthusiasm for Cyber Security.

1 to 2 years’ experience of working in a high-performance SOC team in a cyber-security focused organization.

Experience with an enterprise-grade SIEM platform (e.g. LogRhythm, AlienVault, ArcSight, QRadar, McAfee, Securonix).

Experience in high volume environments that handle millions/billions of records per day.

Experience in Security Event analysis & triage, incident handling and root-cause identification.

Specialty in one or more of the following Information Security domains:

Cyber Intelligence Analysis, Threat Monitoring, Incident Response, Machine Learning & Artificial Intelligence, Malware Analysis, Computer Forensics, Endpoint Protection, Network Security, Infrastructure Security, Application Security, Platform Security, Identity & Access Management, Security Education & Awareness, Vulnerability Scanning & Management, and Compliance & Risk Management

Well versed in TCP/IP and other network protocols

Ability to review and understand packet captures and netflow

Experience with Red/Blue team exercises.

Excellent team-working skills, and a "can do, let's get it done" attitude is crucial.

A desire to keep learning, extending your skills and pushing the boundaries of your knowledge.

Excellent verbal and written communication skills

Bonus Qualifications:

Elastic Stack experience. Bro and Fluentd experience.

Ability to write and understand scripts in languages such as Python, Ruby, Bash, etc

Ability to write and understand complex regular expressions (PCRE).

Event Detection tools (e.g. FireEye, Palo Alto, Fortinet, Carbon Black, Cylance)

Experience with 'big-data' platforms such including Hadoop, HDFS, Apache Spark etc.

IDS/IPS (e.g. TippingPoint, Sourcefire, Snort, Suricata)

Security related certifications, for example CISSP, GCIH, CEH, OSCP, Security+.

An undergraduate or higher degree in computing with a strong security component.

Education and/or Experience:

College Degree in Cyber Security or Information Technology or equivalent work experience.

Certifications like Network+, Security+