The Security Operations Center (SOC) Analyst at 84 Lumber will be responsible for triaging security alerts detected by various SIEM and detection applications, analyzing all available data to determine if a cyber-attack is occurring, scoping the extent of a suspected attack, coordinating efforts to contain attacks, performing forensic investigations to determine the details around threats and attacks, and providing guidance on remediation actions.
- Monitor sources of potential security incidents, health alerts from monitored solutions, and requests for information. This includes monitoring real-time channels or dashboards, periodic reports, email inboxes, the helpdesk or other ticketing systems, telephone calls, and chat sessions
- Follow incident-specific procedures to perform triage of potential security incidents to validate and determine needed mitigation
- Escalate potential security incidents to the appropriate personnel, implement countermeasures in response to others, and recommend operational improvements
- Keep accurate incident notes in case management system
- Maintain awareness of the technology architecture, known weaknesses, the architecture of the security solutions used for monitoring, imminent and pervasive threats as identified by threat intelligence, and recent security incidents
- Provide advanced analysis of the results of the monitoring solutions, assess escalated outputs and alerts from third-party Analysts
- Provide advice and guidance on the response action plans for information risk events and incidents based on incident type and severity
- Ensure that all identified events are promptly validated and thoroughly investigated
- Provide end-to-end event analysis, incident detection, and manage escalations using documented procedures
- Devise and document new procedures and runbooks/playbooks as directed
- Maintain monthly Service Level Agreements (SLAs)
- Maintain compliance with processes, runbooks, templates and procedures based on experience and best practices
- Provide malware analysis (executables, scripts, documents) to determine indicators of compromise, and create signatures for future detection of similar samples
- Continuously improve the service by identifying and correcting issues or gaps in knowledge (analysis procedures, plays, network models), false positive tuning, identifying and recommending new or updated tools, content, countermeasures, scripts, plug-ins, etc.
- Perform peer reviews and consultations with third party SOC analysts regarding potential security incidents
- Actively seek self-improvement through continuous learning
- Support weekly Operations calls
- Adhere to internal operational security and other 84 Lumber policies
- All other duties as assigned
- Bachelor of Science with a concentration in computer science, information systems, information security, math, decision sciences, risk management, or other business/technology disciplines or equivalent work experience
- 2+ years working in a SOC and/or strong security technology operations experience
- Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent
- Experience in security technologies such as: Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), Anti-Virus, Sandboxing, network- and host-based firewalls, Threat Intelligence, Penetration Testing, etc.
- Knowledge of Advanced Persistent Threat (APT) tactics, techniques and procedures
- Understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity, etc.
- Understanding of common network infrastructure devices such as routers and switches
- Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
- Basic knowledge in system security architecture and security solutions
- 2+ years of exposure to Payment Card Industry (PCI) requirements and/or Information Technology General Controls
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
- Ability to handle multiple tasks with changing priorities in a fast-paced and deadline-oriented environment; handling frequent interruptions positively
- Strong analytical, interpersonal, verbal/written communication and problem-solving skills
- Demonstrated collaborative skills and ability to work well within a team
- Self-motivated with critical attention to detail, deadlines and reporting
- Prior experience with retail store operations and technologies preferred
84 Lumber Company is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, national origin, disability, or protected veteran status.