Job Description

　　Insight Global is looking for a Level 2 SOC Analyst to support a 24/7 Global SOC Team that operates in three shifts (6 am - 2pm, 2pm - 10pm, 10pm - 6 am). The selected resource will be responsible for conducting preliminary incident triage according to the Security Incident Management Triage Matrix and prioritize / escalate as appropriate. The selected resource will be leading in the detection, triage, analysis and response to cyber-attacks. The resource will also be training and mentoring Level 1 Peers to improve SOC Analyst capability, as well as providing insight and expertise to examine malware, attack vectors, network communication and determine target network capabilities and vulnerabilities.

　　Skills and Requirements

　　* 2-5 years of security analyst experience, preferably in a managed services environment.

　　Must hold a Government issued Secret Clearance (Level II)

　　* Proven experience with operations using commonly used information security solutions (with focus on Splunk, QRadar, Crowdstrike, Sentinel, TrendMicro)

　　* Proven technology knowledge of Windows, Active Directory, Linux, SIEM Solutions, Antivirus software, Proxy.

　　* Experience in Cloud Security monitoring and in advanced analytics (UEBA)

　　* Knowledge of the most common and used frameworks (E.g., NIST CSF, ISO2700x, CMM SOC, etc.)

　　* Sound experience on programming languages: Python and/or R. and/or PowerShell

　　* Experience in REST API interfaces to support data collection or integration.

　　* Proven knowledge of current security threats, techniques, and landscape, and a dedicated and self-driven desire to research and learn more about the information security landscape.

　　* Review and triage experience with endpoint detection and response tools

　　* Experience and knowledge related to the configuration and maintenance of security monitoring and reporting platforms.

　　* Strong analytical skills, decision making, being able to work under time pressure, cooperating with other people and using the escalation processes when necessary.

　　* Experience in technical Team coordination/management would be a plus. * CompTIA Security+, GIAC Security Essentials Certification (GSEC), SIEM & EDR Foundation certificates (Such as Microsoft Sentinel and Defender).

　　* Microsoft, Splunk, SANS.org security certifications related to SIEM, EDR products and operations (in example Microsoft AZ-500)

　　* A minimum of 2 years hands on experience with one or more of the following areas:

　　o Operation and Implementation of SIEM solutions including:

　　 QRadar or Splunk and Microsoft Sentinel.

　　o Operation and Implementation of Security Automation solutions including:

　　 Thorough knowledge of SOAR (Security Orchestration Automation & Response) technologies.

　　o Desing and Implementation of Monitoring strategy including:

　　 Thorough knowledge on defining data sources monitoring based on clients' business

　　 Thorough knowledge on MITRE Frameworks (ATT&CK, D3FEND)

　　 Familiar with Cyber Kill Chain

　　o Desing and Implementation of Configuration Governance solutions including:

　　 Thorough knowledge on how to operationalize ongoing security configuration governance service using SOC standard methodologies, metrics, KPIs, KRIs, Operational Procedures.

　　o Cyber Network Operations/Penetration Test Methodologies and tools like Metasploit, Kali Linux, Cobalt Strike etc., null

　　We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal employment opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment without regard to race, color, ethnicity, religion,sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military oruniformed service member status, or any other status or characteristic protected by applicable laws, regulations, andordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to [email protected].