Overview:
The Security Operations Center (SOC) Analyst II provides support to One Source’s Managed Security Services customers. The SOC Analyst II should have a background and general experience within Information Technology, and an intermediate knowledge of cyber security practices. The SOC Analyst II should also have a thirst for knowledge and an ability to tackle new problems quickly by using available security tools to successfully remedy issues with minimal supervision from the Senior SOC Analyst and/or SOC Manager. This role focuses primarily on security analysis (escalations and investigations), while also handling basic security engineering tasks (systems, upgrades, reporting, maintenance, etc).

Responsibilities:

• Intermediate knowledge of security concepts including, but not limited to, general security concepts, threats and vulnerabilities, digital forensics, threat hunting, incident response, security architecture, mitigation techniques, etc.
• Intermediate knowledge of security tools and controls including, but not limited to, EDR, Network Security, Email Security, SIEM, SOAR, ITSM software, etc.
• Monitors and investigates security alerts generated from various security tools and controls deployed in the customer’s environment to determine affected systems and extent of attack
• Identifies threats in the customers environment and conducts analysis and investigations to determine type of attacks and data or systems impacted
• Handles security alerts identified and escalated by SOC Analyst I to determine when escalation is required and successfully engages Senior SOC Analyst and/or SOC Manager
• Identifies and handles customer issues and presents them to Senior SOC Analysts and/or SOC Manager clearly and consisely for timely resolution
• Possesses verbal and written communication skills for daily interactions with customers and fellow team members/coworkers
• Bachelors degree in related field preferred but not required
• CompTIA CySA+ Certification (or similar) preferred but not required (ability to obtain within first 12 months)
• Ability to work any assigned shift within 24x7x365 SOC
• 3-5 years of security experience required

Qualifications:

Documentation Repository:

• Identify when Knowledge Base Articles (KBAs) are needed and assist with the development and maintenance of the KBA repository
• Identify when SOC Playbooks are needed and assist with the development and maintenance of the SOC Playbook repository
• Ability to complete any/all necessary SOC documentation as required or assigned by the SOC Manager

Training/Continued Education:

• Willingness and desire to stay updated on the current threat landscape by using multiple sources (e.g., articles, podcasts, etc.)
• Ability to complete any/all training and certification requirements as assigned by the SOC Manager

Updated 3/20/202

• Intermediate knowledge of security concepts including, but not limited to, general security concepts, threats and vulnerabilities, digital forensics, threat hunting, incident response, security architecture, mitigation techniques, etc.
• Intermediate knowledge of security tools and controls including, but not limited to, EDR, Network Security, Email Security, SIEM, SOAR, ITSM software, etc.
• Monitors and investigates security alerts generated from various security tools and controls deployed in the customer’s environment to determine affected systems and extent of attack
• Identifies threats in the customers environment and conducts analysis and investigations to determine type of attacks and data or systems impacted
• Handles security alerts identified and escalated by SOC Analyst I to determine when escalation is required and successfully engages Senior SOC Analyst and/or SOC Manager
• Identifies and handles customer issues and presents them to Senior SOC Analysts and/or SOC Manager clearly and consisely for timely resolution
• Possesses verbal and written communication skills for daily interactions with customers and fellow team members/coworkers
• Bachelors degree in related field preferred but not required
• CompTIA CySA+ Certification (or similar) preferred but not required (ability to obtain within first 12 months)
• Ability to work any assigned shift within 24x7x365 SOC
• 3-5 years of security experience require