Contract / Temp to Direct / Direct Hire: Temp to Direct
City: Little Rock
Country: United States
Senior CSOC Analyst (IT Consultant, SR)
The CSOC Analyst provides initial alert identification, analysis, and documentation using SIEM, antivirus, and other security alerts. They continue to support the TCIRT during an incident by providing additional alert information that may correlate with the incident under investigation.
The CSOC Analyst is a technical position that requires working experience with Security Information and Event Management (SIEM) technologies. Upon detection of a suspicious alert, the CSOC Analyst must be able to verify alert details, identify and gather the appropriate supporting information, and follow incident playbooks to take additional triage steps as necessary. This position will also work closely with the CSOC Lead and other members of the Information Security team.
The CSOC Analyst will perform the technical operation of the Consolidated Security Operations Center (CSOC), including all facilities, tools, processes, and procedures, in order to provide effective execution of 24x7 monitoring operations for both physical and cyber security.
The Senior CSOC Analyst may also provide technical guidance and training to Junior CSOC Analysts as necessary, and may provide direction or act as a mentor to ensure that the CSOC is operating as effectively and efficiently as possible.
Primary Duties & Areas of Responsibility:
Perform 24x7 monitoring to detect suspicious, unusual, or malicious activity and escalate it to the proper personnel through proper channels
Status monitoring and event detection (24x7 eyes on glass) of physical and cyber monitoring systems including SIEM, AV, IPS, DLP, card access and video analytics
Manage escalation to next tier level including to Incident Response, Security Operations, Corporate Security, and outsourcing providers
Recommend enhancements and tuning for the security event and information management technologies
Proactively detect and 'hunt' for network and end-point anomalies throughout the IT environment
Coordinate with 3rd-party vendors for field equipment repair, such as card readers and door locks/contacts
Coordinate alternative security measures with field support, Corporate Security, and 3rd-party security contractors
Monitor privileged account usage and detect unauthorized changes, with close watch on vendor and administrative accounts
Maintain contact and communications with business unit personnel (Transmission, Fossil, SPO, Corporate Security) regarding the detection of security events (physical and cyber)
Monitor personnel's adherence to CIP physical security policies and procedures via video surveillance
Monitor physical security systems, including access control systems, digital video surveillance systems, CCTV, building security, building automation, and physical intrusion detection systems
Tier 1 support for system issues such as device failure, application failure, etc.
Must be a US Citizen
5+ years of experience in Information Security, Risk Management, Infrastructure Security and Compliance
5+ years of physical security consulting experience or relevant equivalent in a corporate environment
Good understanding of Security Information and Event Management concepts and hands-on experience on industry standard products.
Experience operating SOC solutions (e.g., HP ArcSight, RSA enVision, McAfee Nitro, AlienVault, Q1 Labs, etc.)
Basic level of expertise in UNIX, Linux, and Windows operating systems
Complete understanding of TCP/IP, HTTP, HTTPS, SSL, and related protocols
Hands-on experience with port scanning and vulnerability scanning techniques
Exploit and detection analysis skills, including ability to analyze logs for useful information and patterns
Good understanding of Infrastructure Security and its impact on Security Operations, Vulnerabilities, Reporting, Analytics and Monitoring.
Good understanding of and experience with Infrastructure Security, Risk Assessment, and Security Information and Event Management
Good understanding of frameworks such as ISO 27001/27002 and COBIT, and of relevant compliance regimes such as PCI, HIPAA, SOX, FISMA, and others that drive Security Information and Event Management requirements
Experience with conducting and directing research into IT issues and products.
Ability to work effectively with team members and with customers
Self-motivated, with ability to manage and follow up on multiple tasks simultaneously
Rigorous attention to detail
Analytical ability, consultative, and strong judgment
Ability to approach problems from multiple angles and find creative solutions
Effective verbal and written communication skills
Strong understanding of Information Security concepts and trends
Demonstrated commitment to customer service with excellent oral and written communication skills
Ability to provide 24/7 on-call support
Previous experience working in 24x7 Security Operations Center (SOC)
Previous Data Loss Prevention or Information Security experience
Experience with the ISO, ITIL, and/or COBIT frameworks
Industry standard certifications (CISSP, CISM, CPP, PSP, etc.)
Minimum Educational Background and Physical Requirements Required To Perform Job:
Bachelor's degree or higher in Computer Science, Information Technology, MIS, or Engineering, or at least 6 years of experience in a Security Operations role.