Security Operations Center Analyst

IBM · US Boulder

Company: IBM
Location: US Boulder
Type: Full Time

Job Description

Introduction
A career in IBM Consulting is rooted in long-term relationships and close collaboration with clients across the globe.
You’ll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio, including Software and Red Hat.
Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role, you’ll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in groundbreaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

Your Role and Responsibilities
The Junior Security Operations Center Analyst I position will be a member of a dedicated security team within IBM Consulting Federal. In this role, the Jr. SOC Analyst will support a dedicated 24x7x365 operation for a Federal program. The Jr. SOC Analyst will be responsible for monitoring for alerts on potential threats and security anomalies, analyzing the content of those alerts, and providing a written analysis for each. The analyst will work closely with Tier 2 SOC analysts, who will serve as their escalation point.
  • Perform 24x7x365 Security Monitoring, Analysis, and Response
  • Support incident investigations, response, and reporting
  • Security Reporting
  • Vulnerability Analysis
  • SOC ticket queue management
  • Document actions taken and analysis in the authorized ticketing system
  • 70% SIEM Monitoring and security analysis
  • 10% Incident Investigation Analysis and Reporting
  • 10% Vulnerability Analysis
  • 10% Ticket Management


Required Technical and Professional Expertise

  • DoD Approved 8570 certification REQUIRED
  • Bachelor's degree + minimum 3 years of work experience with 3 years working in a 24x7x365 SOC environment.
  • Analyzing system and network logs for security events, anomalies, and configuration issues.
  • Experience working with SIEM technology to monitor and manage security events.
  • Background in incident response, system/network operations, and threat intelligence.
  • Experience utilizing enterprise security technologies such as SIEM/SOAR, NGAV/EDR, Vulnerability Scanners, and Threat Intelligence Platforms.
  • Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and/or service requests. Understanding of possible attack activities such as network reconnaissance, probing, DDoS, malicious code activity, etc.
  • Experience with SOC operations, including but not limited to: alert and notification activities (analysis / triage / response); review and action on Threat Intel for IOCs and other operationally impactful information; initial review and triage of reported incidents
  • Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response
  • Experience and ability to use and follow Standard Operating Procedures (SOPs)
  • In-depth experience with processing and triage of security alerts from multiple sources, including but not limited to: endpoint security tools, SIEM, email security solutions, CISA Threat Intel Sources
  • Demonstrated experience with triage and resolution of SOC tasks, including but not limited to: vulnerability announcements, phishing email review, Tier 1 IR support, SIEM/Security Tools – alert analysis
  • Demonstrated experience and understanding of event timeline analysis and correlation of events between log sources
  • Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools
  • Demonstrated proficiencies with an enterprise SIEM or security analytics solution including the Elastic Stack or Splunk.
  • Solid understanding and experience analyzing security events generated from security tools and devices, including but not limited to: CrowdStrike and Palo Alto
  • Experience and solid understanding of Malware analysis


Preferred Technical and Professional Expertise

  • CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, PenTest+
  • Understanding and experience with Federal Security Standards such as NIST and DoD
  • Understanding and experience with FedRAMP Cloud Security Requirements

Date Posted

08/12/2024
