Remote SOC Security Analyst L3

Summary

Join BlueVoyant's team as a Security Operations Center (SOC) Analyst to defend global customers from adversaries. As an L3 analyst, you'll be the ultimate technical expert and escalation point for analysts on your team.

Requirements

• US Citizenship Required
• Ability to handle high pressure situations in a productive and professional manner
• Ability to work directly with customers to understand requirements for and feedback on security services
• Advanced written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language
• Strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team
• Able and willing to work in a 24/7/365 environment, including nights and weekends, on a rotating shift schedule
• Knowledge and experience with SIEM solutions, Cloud App Security tools, and EDR
• Advanced knowledge and understanding of network protocols and network telemetry
• Forensic artifact and analysis knowledge of Windows and Unix systems
• Expertise in Endpoint, Web, and Authentication log analysis
• Experience with SIEM/EDR detection creation
• Experience in responding to modern authentication attacks against AD, Entra, OATH, etc
• Expert knowledge of common attack paths, including LOLbin use, common adversary tools, business email compromises, AiTM attacks, including identification and response
• Strong knowledge of the following: SIEM workflows (preferably Sentinel and Splunk)
• Modern authentication systems and attacks (SSO, OATH, Entra, etc.)
• Malware Detection, to include dynamic and light static analysis
• Network Monitoring metadata (web logs, firewall logs, WAF/IDS)
• Email Security and common business email compromise attacks
• Windows and Unix forensic artifacts (i.e. registry analysis, wtmp/btmp)
• Windows PE and Maldoc analysis
• Remote access solutions (both legitimate and inherently malicious)
• Lateral movement methodologies and tools for Windows & Unix-based OSes
• O365 attack paths, common attacker methodologies, and analysis
• Network metadata analysis and knowledge of commonly abused protocols
• Expert knowledge of credential harvesting tools and methodologies

Responsibilities

• Monitor and analyze security events and alerts from multiple sources, including SIEM logs, endpoint logs, and EDR telemetry
• Research indicators and activities to determine reputation and suspicious attributes
• Perform analysis of malware, attacker network infrastructure, and forensic artifacts
• Execute complex investigations and handle incident declaration
• Perform live response analysis of compromised endpoints
• Hunt for suspicious activity based on anomalous activity and curated intelligence
• Participate in the response, investigation, and resolution of security incidents
• Provide incident investigation, handling, response, and incident documentation
• Engage and assist the BlueVoyant Incident Response teams for active intrusions
• Ensure events are properly identified, analyzed, and escalated to incidents
• Assist in the advancement of security policies, procedures, and automation
• Serve as the technical escalation point and mentor for lower-level analysts
• Regularly communicate with clients to inform them of incidents and aid in remediation

Preferred Qualifications

• Experience intrusion analysis / incident response, digital forensics, penetration testing, or related areas
• 5+ years of hands-on SOC/TOC/NOC experience
• GCIA and GCIH required. GCFA, GCFE, CISSP, Security +, Network +, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred
• Familiarity with technologies such as Sentinel, Splunk, Microsoft Defender suites, Crowdstrike Falcon, SentinelOne
• Familiarity with GPO, Landesk, or other IT Infrastructure tools
• Understanding and/or experience with one or more of the following programming languages: JavaScript, Python, Lua, Ruby, GoLang, Rust