Soc Analyst Level 2

Summary

Join BlueVoyant as a Security Operations Center (SOC) Analyst Level 2 and contribute to a fast-paced team dedicated to managing IT security for global customers. This hybrid role, based in Tulsa, OK, requires shift work (Wednesday-Saturday, 12 pm-11 pm Central). You will monitor and analyze security events, separate threats from false positives, escalate issues, and collaborate with customer IT teams. US citizenship is required. The position demands strong technical skills, experience with various security tools and systems, and excellent communication abilities. Opportunities for professional growth and mentorship are available.

Requirements

• Possess excellent teamwork skills
• Have knowledge of and experience with intrusion detection/prevention systems and SIEM software
• Possess strong knowledge and understanding of network protocols and devices
• Have strong experience with Mac OS, Windows, and Unix systems
• Be able to analyze event logs and recognize signs of cyber intrusions/attacks
• Be able to handle high pressure situations in a productive and professional manner
• Be able to work directly with customers to understand requirements for and feedback on security services
• Possess strong written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language
• Possess strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team
• Be able and willing to work in a 24/7/365 environment, including nights and weekends, on a rotating shift schedule
• Have familiarity with tools such as Wireshark, TCP Dump, Security Onion, and Splunk
• Possess strong knowledge of the following: SIEM, Packet Analysis, SSL Decryption, Malware Detection, HIDS/NIDS, Network Monitoring Tools, Case Management System, Knowledge Base, Web Security Gateway, Email Security, Data Loss Prevention, Anti-Virus
• Be a US Citizen
• Have a minimum bachelor’s degree in Information Security, Computer Science, other IT-related field, or equivalent professional experience

Responsibilities

• Monitor and analyze security events and alerts from multiple sources, including security information and event management (SIEM) software, network and host-based intrusion detection systems, firewall logs, and system logs (Windows and Unix), and databases
• Separate true threats from false positives using network and log analysis and escalate possible intrusions and attacks
• Initiate tickets, document, and escalate to higher-level security analysts when required
• Serve as the technical escalation point and mentor for lower-level analysts
• Regularly communicate with customer IT teams to inform them of issues, help them remediate, and ensure that they continue to operate business as usual
• Perform triage of incoming issues (assess the priority, determine risk)
• Work with customers to deploy hardware and software monitoring systems
• Maintain a strong awareness of the current threat landscape
• Provide tuning recommendations for security tools to tool administrators

Preferred Qualifications

• Have experience in network/host vulnerability analysis, intrusion analysis, digital forensics, penetration testing, or related areas
• Have 1-4 years of hands-on SOC/TOC/NOC experience
• Have GCIA certification
• Have GCIH, GCFE, CISSP, Security +, Network +, CEH, RHCA, RHCE, MCSA, MCP, or MCSE certifications
• Have familiarity with tools such as IDA Pro, PEiD, PEview, Procmon, Snort, Bro, Kali Linux, Metasploit, NMAP, and Nessus
• Have familiarity with GPO, Landesk, or other IT Infrastructure tools
• Have understanding of programming/scripting languages and ability to run basic database queries