SOC Analyst

at Agio Inc

Belfast, Northern Ireland, United Kingdom

Start Date: Immediate
Expiry Date: 19 Jan, 2025
Salary: Not Specified
Posted On: 20 Oct, 2024
Experience: 2 year(s) or above
Skills: IP Networking, Carbon Black, ArcSight, Disabilities, Azure, LogRhythm, Regular Expressions, Computer Science, Collaborative Environment, Intrusion Detection, Information Security, Technology, Testing Tools, Communication Skills, Expressions, Management Software
Telecommute: No
Sponsor Visa: No

Description:

Agio is a hybrid managed IT and cybersecurity provider servicing the financial services, health care and payments industries. The company has extensive experience supporting the alternative investment space, specializing in hedge funds, private equity firms and asset managers. Agio offers technology hosting, monitoring, management, helpdesk, disaster prevention and recovery, as well as managed security, 360° cybersecurity programs, virtual CISO (vCISO) support and cybersecurity consulting.
We have team members in the US, UK, Canada, India and the Philippines. Our remote work policy allows us to accommodate our employees’ need for flexibility. Our family forward mentality and work-life balance focus empower our employees to live their best life at Agio.

JOB DESCRIPTION

Reporting to the Director of Cyber Operations, you will help to protect the integrity and confidentiality of our clients’ data and infrastructure by implementing measures to prevent breaches. Within the Agio community, you will partner cross-functionally as well as within a strong team of cybersecurity professionals across our global organization.

REQUIREMENTS

  • SIEM administration, configuration, and optimization experience with platforms such as AlienVault, IBM QRadar, ArcSight or LogRhythm
  • Threat hunting experience
  • Malware reverse engineering and outbreak management experience
  • Experience participating in and acting as an escalation point for complex network threat investigations
  • Linux command line experience
  • Experience and knowledge of public cloud environments, specifically AWS and Azure
  • Knowledge of regular expressions and data normalization
  • Experience configuring, integrating, and monitoring endpoint protection solutions such as Cylance, Carbon Black, or CrowdStrike
  • Understanding of network protocols coupled with experience with web proxies, web application firewalls, and vulnerability assessment tools
  • Experience working in a team-oriented, collaborative environment with a high level of analytical and problem-solving abilities
  • Positive attitude with strong oral and written communication skills
  • Knowledge of IP networking and network security including Intrusion Detection
  • Familiarity with common network vulnerability/penetration testing tools
  • Familiarity with service management software such as ServiceNow
  • Familiarity with data visualization platforms such as Domo
  • Some experience with system hardening guidance and tools
  • Experience on an incident response team performing Tier I/II initial incident triage, desired
  • Experience supporting clients and serving as a technical advisor
  • Ability to anticipate and respond to changing priorities and operate effectively in a dynamic demand-based environment requiring flexibility and responsiveness to client matters and needs

QUALIFICATIONS/EDUCATION

  • BS/BA in Information Security, Computer Science or related engineering discipline, preferred
  • 2+ years’ experience in technology (security, networking, systems, etc.)
  • Prior experience working in a SOC required
  • Financial services industry experience is a plus
  • Managed security service provider (MSSP) experience is a plus

RESPONSIBILITIES

  • Support a 24/7/365 Security Operations Center and monitor security tools
  • Provide Tier 1 and 2 response to security incidents
  • Respond to cybersecurity events and incidents caused by internal and external threats to our clients, coordinate response activities with various stakeholders, and recommend mitigation strategies
  • Handle incidents as defined in playbooks and standard operating procedures, and advise on remediation actions
  • Perform deep-dive incident analysis by correlating data from various sources and determine if a critical system or data set is affected
  • Identify and design use case algorithms
  • Assist customers in implementing sound and secure logging practices, deployment of agents and sensors
  • Leverage advanced knowledge of security operations, cyber security tools, intrusion detection, and secured networks to integrate with the SIEM platform
  • Triage emerging threats to protect assets and information in client environments
  • Partner with cross-functional technical teams to share expertise, research threats, and implement solutions
  • Present reports and produce communications, e-blasts and other forms of communication, both internal and client facing, including to leadership and executive management
  • Draft root cause analysis reports and recommendations after cybersecurity incidents
  • Identify risk areas that will require vulnerability prevention
  • Stay current with security technologies and make recommendations for their use based on business value


REQUIREMENT SUMMARY

Min: 2.0 year(s), Max: 7.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Other

Graduate

Proficient

1

Belfast, United Kingdom