L2 SOC Analyst
Primary Purpose and Goal of Role
Quzara, a leading cybersecurity firm, is seeking a highly skilled and experienced L2 SOC Analyst to join our Security Operations Center (SOC). This fully remote role is critical to our mission of protecting our clients from cybersecurity threats. The L2 SOC Analyst will be responsible for monitoring and analyzing security events, identifying and investigating potential security threats, and responding to security incidents. The ideal candidate will have a deep understanding of cybersecurity technologies, threat intelligence, and incident response procedures, with a strong background in using Microsoft security technologies and tools.
This is a full-time position. Standard business hours are Monday through Friday, 8:30 AM to 5:30 PM. If your role falls within our Security Operations Center, you will be assigned a specific shift. As a result, your working schedule may require flexibility to cover any shift within a 24/7 cycle; it may also change and rotate, including nights, weekends, and holidays.
Responsibilities
- Monitor and analyze security events utilizing advanced security technologies and tools such as Microsoft Sentinel, Defender technologies, and Log Analytics.
- Utilize deep threat intelligence to identify and investigate potential security threats.
- Respond to and triage security incidents, escalating as necessary.
- Use KQL queries to conduct investigations and gain insights into potential security threats.
- Collaborate with other teams to resolve security incidents and improve overall security posture.
- Participate in incident response efforts and assist in forensic investigations, adhering to NIST guidelines.
- Continuously improve security operations through the identification of trends and anomalies.
- Communicate security incidents and findings to stakeholders and management.
- Willingness to work in a 24/7 environment.
- Experience working in government environments.
- Familiarity with incident response requirements based on NIST guidelines.
- Proficiency in implementing and using Microsoft Sentinel for Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR).
- Experience using Azure Sentinel to detect and respond to security threats and anomalies, and to automate incident response.
- Experience with techniques utilizing the MITRE ATT&CK framework for incident investigation and threat hunting.
- Experience in conducting investigations and identifying malicious activities using techniques such as packet analysis, log analysis, and endpoint forensics.
- Experience with scripting languages such as Python, PowerShell, and JavaScript.
Requirements
- 5+ years of experience in a SOC Analyst role at a SOC, MXDR, or MSSP, with L2 experience.
- Strong understanding of networking technologies.
- Experience with Microsoft security technologies such as Microsoft Sentinel and M365 Defender.
- Strong understanding of security best practices and incident response procedures.
- Experience with deep threat intelligence.
- Strong proficiency with KQL queries.
- Strong verbal and written communication skills.
- Strong analytical and problem-solving skills.
- Microsoft Security certifications such as MCSE: Security, MCSA: Windows Server 2016, Azure Security Engineer Associate are a plus.
- Experience working with Azure security is a must.