L2 SOC Analyst
Primary Purpose and Goal of Role
Quzara, a Cyber Security Firm at the forefront of defending against cyber threats, is actively seeking a dedicated L1 SOC Analyst for a fully remote role. This position is integral to our Security Operations Center (SOC), focusing on the initial monitoring, analysis, and triage of security events and incidents. The L1 SOC Analyst will utilize advanced security tools and technologies to identify potential security threats and collaborate with senior analysts for deeper investigations. Ideal candidates will have a foundational understanding of cybersecurity principles and technologies, and a keen interest in advancing their career in cybersecurity analysis.
This is a full-time position. Standard business hours are Monday through Friday, 8:30 AM to 5:30 PM. If your role falls within our Security Operations Center, you will be assigned a specific shift. As a result, your working schedule may require flexibility to cover any shift that falls within a 24/7 cycle; it may also change and rotate, including nights, weekends, and holidays.
Responsibilities
- Monitor security events and alerts utilizing advanced security technologies and tools such as Microsoft Sentinel, Defender technologies, and Log Analytics.
- Assist with the initial identification and triage of potential security threats using threat intelligence.
- Support the response to security incidents, providing initial analysis and escalating to senior analysts as necessary.
- Gain proficiency in KQL Queries to assist in investigations and derive insights from potential security threats.
- Collaborate with other SOC team members to resolve security incidents and enhance the overall security posture.
- Participate in initial incident response efforts under the guidance of senior team members, adhering to NIST guidelines.
- Contribute to the continuous improvement of security operations by identifying trends and anomalies in security events.
- Communicate effectively with team members and stakeholders regarding security incidents and initial findings.
- Show willingness to work in a 24/7 environment, including shifts and on-call rotations.
- Begin to understand the requirements for working in government environments and the associated incident response procedures based on NIST guidelines.
- Start to develop skills in implementing and utilizing Microsoft Sentinel for SIEM and SOAR concepts.
- Learn to use Azure Sentinel for the detection and response to security threats and anomalies.
- Acquire knowledge on techniques utilizing the MITRE ATT&CK framework for incident investigation and basic threat hunting.
- Initiate understanding in conducting basic investigations and identifying suspicious activities through log analysis.
Requirements
- 1-3 years of experience in a SOC Analyst role, preferably in a SOC/MXDR or MSSP environment.
- Basic understanding of networking technologies.
- Familiarity with Microsoft security technologies such as Microsoft Sentinel and M365 Defender.
- Initial understanding of security best practices and incident response procedures.
- Exposure to threat intelligence and the importance of its use in security operations.
- Developing proficiency with KQL Queries.
- Effective verbal and written communication skills.
- Strong analytical and problem-solving skills, with a desire to learn and grow within the cybersecurity field.
- Interest in obtaining Microsoft Security certifications such as Azure Security Engineer Associate is encouraged.
- Willingness to work in a 24/7 environment, including flexibility to cover various shifts.
- Motivation to learn and apply techniques utilizing the MITRE ATT&CK framework for basic incident investigation and threat hunting.
- Eagerness to develop skills in scripting languages such as Python, PowerShell, and JavaScript for automation and analysis tasks.
- An understanding of the importance of working in compliance with government environments and NIST guidelines.