SOC Analyst-Tier 1

Summary

Join True Zero Technologies, a veteran-owned small business, as a Tier 1 SOC Analyst. You will monitor, detect, and respond to security incidents, ensuring client asset protection. This role involves investigating incidents, determining remediation, and refining existing use cases. You will perform continuous monitoring, track events, and generate reports. Collaboration with stakeholders and communication of security events are crucial. The position offers opportunities for professional growth and development within a supportive team environment. True Zero is a fast-growing company recognized for its excellent workplace culture.

Requirements

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field (or equivalent experience perferred)
• Proven experience (2+ years) in a SOC or security-related role, with a focus on incident monitoring, analysis, and response
• Familiarity with security technologies and tools such as SIEM, IDS/IPS, firewalls, antivirus, and endpoint protection systems
• Understanding of common network protocols (TCP/IP, DNS, HTTP, etc.) and their role in security monitoring
• Knowledge of security incident response methodologies and best practices
• Familiarity with various operating systems (Windows, Linux, etc.) and their security features
• Basic understanding of malware analysis and its impact on security incidents
• Strong analytical and problem-solving skills, with the ability to work under pressure and meet tight deadlines
• Excellent communication skills, both written and verbal, with the ability to effectively document and report on security incidents
• U.S. Citizenship is required as this is in support of a Federal Customer

Responsibilities

• Perform triage on all security related events
• Investigate and identify the root cause behind security incidents – to include all stages of the cyber kill chain as appropriate/needed
• Determine the extent and remediation of security events
• Refine/improve existing use cases/alerting with Tier 2
• Perform regular continuous monitoring of events across platforms, operating systems, databases, and management systems
• Track and communicate reported events for numerous different security platforms, operating systems, databases, and management systems
• Review existing security events and propose refinements as necessary
• Improve and implement indicators and protections across platforms, operating systems, databases, and management systems
• Perform general operational and maintenance tasks for the organization
• Perform reviews of previously blocked domains/IPs
• Generate datasets for later analysis by other members of the team
• Generate reports on a scheduled basis to document findings and remediation efforts, to include recommendations to the system owners
• Follow defined procedures for metrics generation
• Provide the first line communication for events into the SOC
• Handle or escalate emails send to the SOC
• Handle or escalate incoming phone calls to the SOC
• Communicate professionally on all security events should they arise
• Document a description of each event handled and store the artifacts related to the handling of those events within the ticketing system
• Work collaboratively with various stakeholders to investigate events of interest and incidents

Preferred Qualifications

• Experience with threat hunting and proactive detection techniques
• Familiarity with log analysis and familiarity with log management tools
• Understanding of common cybersecurity frameworks such as NIST, ISO 27001, or CIS Controls
• Knowledge of scripting languages (Python, PowerShell, etc.) for automation and data analysis
• Familiarity with cloud platforms and their impact on SOC operations (e.g., AWS, Azure, GCP)
• Ability to work collaboratively in a team environment and effectively communicate with technical and non-technical stakeholders
• Continuous learning mindset and a passion for staying up to date with the latest cybersecurity trends and technologies
• Security certifications such as CompTIA Security+, GCIH, or GCIA are highly desirable

Benefits

• Competitive salary, paid twice per month
• Best in class medical coverage
• 100% of medical premiums covered by True Zero
• Company wide new business incentive programs
• Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.)
• 3 weeks of PTO starting + 11 Paid Holidays Annually
• 401k Program with 100% company match on the first 4%
• Monthly reimbursement of Cell Phone and Home Internet costs
• Paternity/Maternity Leave
• Investment in training and certifications to broaden and deepen your technical skills