Sr. Analyst
Company: Satwic Inc
Location: Brea
Posted on: March 20, 2023
Job Description:
Education / Certifications (minimum):
--- Bachelor's degree in cybersecurity or related field
--- 10-15 years experience working with IT Security
--- Certified SOC Analyst (C-SA), or equivalent IT security
certification
Duties:
The SOC Sr. Analyst is required to have strong technical and
hands-on experience with SIEM configuration and incident response.
The SOC Analyst will monitor LAWA user activity, network events, and
signals from security tools (e.g. SIEM) to identify events
that merit attention.
The SOC Analyst is required to triage and prioritize security alerts,
and may investigate them further for additional reporting and
analysis. This Sr. role will support Tier 1, Tier 2, and Tier 3
response protocols.
The SOC Analyst will also spend time on a recurring basis improving
the SIEM's capabilities and tuning.
LAWA's current SIEM configuration and incident response tools:
1. SIEM (Elastic) Configuration
2. EDR (Carbon Black) Configuration
3. Handling cyber incidents (Tier 1, 2, or 3) using Elastic and
Carbon Black
Technologies under management:
--- LAWA has specific technologies that are currently in use in the
environment and are a part of the steady state services.
--- EDR, or Endpoint Detection and Response, is Carbon Black.
--- NST, or Network Security Technologies, are CISCO FirePower/ASA
Firewalls, Extrahop, ZScaler (ZIA and ZPA), Red Seal
--- VMS, or vulnerability management system, are Qualys and
Tenable
--- SIEM, or Security Incident and Event Monitoring, is Elastic
Logging-as-a-Service: Implement an Observability pipeline to capture
all necessary telemetry for the security program. This will
include:
--- Analysis of current log sources
--- Confirmation those log sources are ingesting to designated
SIEM
--- Normalization of log sources
--- Data hygiene for all ingest sources
--- Ongoing monitoring and maintenance of data flow through the
Observability pipeline
Managed Detection and Response:
--- Development of use cases for the alerting structure
--- Development of SIEM queries associated with use cases
--- Development of dashboards associated with use cases
--- Observation and enrichment of all incoming alerts
--- Decision on response action as agreed with CLIENT
--- Engagement with any existing providers, like Red Canary, who
are providing services
--- Supported by two analysts (at minimum) on shift at all times
Security Technology Management ("STM"): EDR
--- Maintain the health of the current EDR solution
--- Ensure configuration of EDR is up to date with all client
change requests
--- Ensure installation of EDR across infrastructure portfolio
STM: NST
--- Maintain the health of the client NST
--- Ensure configuration of NST is up to date with all client
change requests
--- Ensure installation of NST across infrastructure portfolio
STM: VM
--- Maintain the health of the current VMS
--- Ensure configuration of VMS is up to date with all client
change requests
--- Ensure installation of VMS across infrastructure portfolio
--- Curate all alerts from the VMS
--- Ensure those alerts are implemented in the client ITSM
--- Work with resolver groups on completion
--- Report on ongoing status