About the Company

Job Description

The Level 1 Security Analyst is primarily responsible for the meticulous and consistent execution of all operational tasks, adhering strictly to established processes and their associated procedures. A core responsibility involves continuous monitoring of Security Information and Event Management (SIEM) tools to detect security-related events, followed by appropriate event closure or escalation as warranted. These analysts are also tasked with maintaining the group’s email address and associated distribution lists, in addition to diligently updating all pertinent documentation, including shift logs and incident tickets. Furthermore, they will provide support to the Managed Detection and Response (MDR) Analyst during incident workflows, assist the broader MDR team in the areas of incident detection and remediation, and facilitate communication with external teams to ensure proper and effective incident resolution.

Specifically, Level 1 Security Analysts will:

Serve as the initial cyber event detection group for the organization, swiftly identifying, categorizing, prioritizing, and thoroughly investigating events. This will involve leveraging all available security logs and threat intelligence resources, encompassing but not limited to:
Firewalls
Systems and Network Devices
Web Proxies
Intrusion Detection/Prevention Systems
Data Loss Prevention systems
Endpoint Detection and Response (EDR) / Antivirus Systems
Knowledgebase Frameworks (e.g., Confluence)
Continuously monitor SIEM and logging platforms to proactively identify security events and alerts indicative of potential threats, intrusions, and/or compromises. Monitoring activities will cover:
SIEM alert queues
Security email inboxes
Threat intelligence feeds received via email and other sources (e.g., NH-ISAC)
Incident ticketing queues (managed by the IT Security group)
Validate incoming alerts to effectively filter out false positives and enrich alerts with supplementary context derived from internal and external data sources.
Perform initial triage of service requests originating from both customers and internal teams.
Employ established playbook procedures to execute standardized responses for common event types, escalating alerts to Level 2 Analysts when more in-depth triage and remediation are required.
Provide assistance with threat containment and environmental remediation efforts during or following a security incident.
Actively participate in Threat Hunting exercises under the guidance of Incident Response Handlers.
Thoroughly document event analysis findings and produce comprehensive reports detailing incident investigations.
Proactively contribute to the enhancement of security-related operational processes and procedures.
Utilize available security tools to conduct historical analysis as necessary for detected events; this may include performing historical searches within SIEM tools.
Maintain detailed operational shift logs, recording all relevant activities occurring during the analyst’s shift. Document investigation results meticulously, ensuring that all pertinent information is communicated to Level 2 or MDR Analysts for final event analysis.
Update and reference the knowledgebase tool (e.g., Confluence) as needed to reflect changes to processes and procedures, and to incorporate daily intelligence reports and previous shift logs.
Conduct research and meticulously document events of interest that fall within the purview of IT Security.

Responsibilities

• Serve as the initial cyber event detection group for the organization, swiftly identifying, categorizing, prioritizing, and thoroughly investigating events. This will involve leveraging all available security logs and threat intelligence resources, encompassing but not limited to:
  Firewalls
  Systems and Network Devices
  Web Proxies
  Intrusion Detection/Prevention Systems
  Data Loss Prevention systems
  Endpoint Detection and Response (EDR) / Antivirus Systems
  Knowledgebase Frameworks (e.g., Confluence)
• Continuously monitor SIEM and logging platforms to proactively identify security events and alerts indicative of potential threats, intrusions, and/or compromises. Monitoring activities will cover:
  SIEM alert queues
  Security email inboxes
  Threat intelligence feeds received via email and other sources (e.g., NH-ISAC)
  Incident ticketing queues (managed by the IT Security group)
• Validate incoming alerts to effectively filter out false positives and enrich alerts with supplementary context derived from internal and external data sources.
• Perform initial triage of service requests originating from both customers and internal teams.
• Employ established playbook procedures to execute standardized responses for common event types, escalating alerts to Level 2 Analysts when more in-depth triage and remediation are required.
• Provide assistance with threat containment and environmental remediation efforts during or following a security incident.
• Actively participate in Threat Hunting exercises under the guidance of Incident Response Handlers.
• Thoroughly document event analysis findings and produce comprehensive reports detailing incident investigations.
• Proactively contribute to the enhancement of security-related operational processes and procedures.
• Utilize available security tools to conduct historical analysis as necessary for detected events; this may include performing historical searches within SIEM tools.
• Maintain detailed operational shift logs, recording all relevant activities occurring during the analyst’s shift. Document investigation results meticulously, ensuring that all pertinent information is communicated to Level 2 or MDR Analysts for final event analysis.
• Update and reference the knowledgebase tool (e.g., Confluence) as needed to reflect changes to processes and procedures, and to incorporate daily intelligence reports and previous shift logs.
• Conduct research and meticulously document events of interest that fall within the purview of IT Security.

Qualifications

• Applicants must possess a Bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a closely related field.
• A minimum of 0-1 years of prior experience in MDR, Security Operations Center (SOC), or Incident Response is required.
• Experience as a workstream participant supporting tier-1, tier-2, or tier-3 SOC environments is highly desirable.
• Candidates must demonstrate exceptional oral and written communication skills, as well as strong client-facing abilities.
• Demonstrated analytical and communication skills are essential.
• The successful candidate must exhibit flexibility in adapting to various types of engagements, working hours, work environments, and locations.
• A proven capacity for creative and analytical thinking in a problem-solving context is crucial.
• The ability to work nights, weekends, and/or holidays may be required in the event of an incident response emergency.
• Applicants must be comfortable working under pressure and adhering to deadlines in a fast-paced environment.
• Candidates should be able to identify issues and opportunities for improvement, and effectively communicate these to senior team members.

Skills

ATS Keywords

Frequently Asked Questions

Other Information

Tags