Network and Security Operations Analyst-(NSOA-9)

The Security Operations Center is responsible for providing 24/7, 365 monitoring, detection, and response capabilities. This includes event, cloud security, and DLP monitoring, as well as a role in the incident response process. The Tier 3 SOC Analyst serves as an escalation point for Tier 1 and Tier 2 Analysts within the SOC and provides advanced analytical and investigation support for complex incidents to assist in containment and mitigation of threats.

The Tier 3 Security Operation Center (SOC) Analyst is responsible for providing oversight during day-to-day operational tasks for Tier 1 and 2 analysts within the SOC, as well as advanced technical investigation capabilities to respond to security incidents. The analyst will serve as the escalation point for all SOC analysts, and as an interface with the Advanced Threat Hunt and Intelligence team for the SOC.

Position Responsibilities:
Security Operations Center (SOC) Analysis

• Provides advanced technical investigation and forensics capabilities across malware, phishing, cloud access security brokers (CASB), network, and configuration compliance domains.
• Responds to and mitigates security incidents based on defined process and procedures to contain and eradicate threats.
• Resolves or escalates investigations to CSIRT as required, in coordination with the SOC Manager.
• Interfaces with the threat hunting and threat intelligence teams to build proactive searches / signatures in the SIEM or security application to enhance detection capabilities.
• Performs sampled reviews of investigated incidents by Tier 1/Tier 2 Analysts to improve ticket quality and provides feedback to coach junior Analysts.

Documentation and Support

• Participates in the development / enhancement of process and technologies impacting the SOC and the broader Cyber Defense Operations function.
• Collaborates closely with the SOC Manager to develop recommendations and/or technical implementations to improve workflows within the SOC, including the use of automation and optimization of processes.
• Collaborates with other Engineering and Operations teams within the bank to troubleshoot, respond, and improve detection capabilities.
• Handles sensitive information in accordance with the Corporate Information Protection Policy.

Position Qualifications:

• Bachelors' Degree from an accredited university in Computer Science, Engineering, Information Systems, or Cyber Security or equivalent degree OR High School/GED with 6 years relevant and/or transferable experience
• 5 years of experience in information security/technology experience preferably in a SOC/ NOC
• 4 years of experience using various operating systems and industry standard monitoring, logging, alerting and investigation processes
• 2 years of experience in incident response
• 2 years of experience with scripting skills in common languages (e.g. PowerShell, Python, Java, Bash

Licenses/Certifications:

• CompTIA Network+, CompTIA Security+, GCIA, GCIH, GREM, or GPEN preferred

Work Best Category:
Category C - Days in the office will either be designated days or will vary week to week from 2-5 days

Hours:
8:00am - 5:00pm Monday - Friday

• Work with the application development and testing teams to assist with problem resolution and troubleshooting during Regression, UAT, and customer testing efforts.
• Partner with the group representative for the core releases and out of release projects by reviewing project requirements, application design documents, and announcements to understand potential impacts to the testing environments.

Requirements:

• Experience in working on large production systems with high transaction volumes.
• Excellent troubleshooting skills and be able to proactively work to prevent a problem.
• Excellent communication and documentation skills.
• Experience working with continuous integration tools such as Bamboo, Jenkins, Chef, Cruise Control etc.
• Experience working with code coverage and health reporting tools such as Sonar.
• Complete code reviews and mentor peers and more junior members of the team.

The ideal candidate would have the following skills:

• Advanced skills and knowledge of testing frameworks and techniques.
• Cloud Development Experience – PCF, AWS, Azure.
• Ability to innovate and develop new approaches to complex design problems.
• Experience with a variety of architectural patterns including high performance, high availability transaction processing systems and multi-tiered web applications.
• Self-motivated with the ability to accomplish tasks with minimal direction.
• Loves being in a collaborative, team environment.
• Ability to define and elaborate both functional and non-functional requirements.
• Possesses skills to understand, report, and optimize delivery metrics to continuously improve upon them (e.g. velocity, throughput, lead time, burndown).
• Ability to understand and breakdown requirements from a customer testing point of view to produce customer test cases.
• CI/CD setup to support test automation.
• Familiarity with secure coding standards and vulnerability management.
• Possesses skills in test-driven development to build just enough code and collaborate on the desired functionality.
• Has familiarity with tools (e.g. Sonar, Checkmarx) to scan and measure code quality and anti-patterns.
• Ability to develop and document test strategy following employer testing standards.
• Understands defect management processes to facilitate root cause analysis and learnings.
• Possesses skills to orchestrate release workflows and pipelines to enhance CICD using orchestration tools (e.g. Jenkins).
• Always look for potential solutions to solve problems.