Senior SOC Analyst

Remote: PST Time Zone. 

Job Summary:

Are you passionate about securing global-scale e-commerce services and applications that power millions of customers across hundreds of countries around the globe?  Are you passionate about cutting edge technology, security monitoring, threat detection, incident generation, intrusion analysis, and responding to security events?  We are looking for a Senior SOC/IR Analyst to join our growing team!

The Senior SOC Analyst leads and oversees activities relating to incident generation, monitoring, and responding to security events.  With regular reporting and feedback from management, leads analysts, including escalations, information security processes, security tools, and services.  Supports multiple security-related platforms and technologies utilizing SIEM, Continuous Monitoring and Incident Response, Detection Engineering, SOAR/Automation, Cyber Threat Intelligence, Dark Web Monitoring, Phishing Defense, and Threat Hunting, while interfacing with members of the IT organization, other internal business units, and external parties as necessary.  Defines and maintains use cases related to incident triage, incident response, incident generation, detection rules, correlation rules, thresholds, and tuning to identify, manage, and contain suspicious/malicious activity. 

The Senior SOC Analyst reports to the Senior Manager of Security Operations and is an involved member of the SOC team.  This role must display an in-depth understanding of new trends and technologies related to IT security and compliance and contribute to the company IT security strategy and roadmap.  This individual will liaise with other Analysts, lead daily SOC operations, train analysts, and serve as the escalation point for the  SOC Analyst and Incident Response Team.

This individual must understand applications, operating systems, networking, cloud infrastructure and basic attacker Tactics, Techniques, and Procedures (TTPs). Additionally, they are expected to maintain a high level of rigor to stay up to date with advancements in technology, while also retaining knowledge of older systems and applications in use.  A mix of Blue Team and/or Red/Purple Team and/or MSSP experience is preferred.

While leading the Security Operations Center will be this individual’s primary role, we seek out Information Security Analysts/Engineers with a broad range of skills who can pivot to other technologies, or who can passionately learn other skills and technologies.  At iHerb, you will have the ability to ‘choose your own adventure’ a percentage of the time in other areas of Cyber Security, including and not limited to:  Incident Response, Incident Handling, SOC and Intrusion Analysis, Automation, Cyber Threat Intelligence, Dark Web Monitoring, Phishing Defense, Cyber Defense, and Offensive Security.

Job Expectations:

• Work as a team to consistently learn and share advanced skills and foster team excellence.
• As an active member of the team, monitor and process response for security events on a 24x7 basis.
• Plan and execute regular incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
• Stay current with and remain knowledgeable about new threats. Analyze attacker tactics, techniques, and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems.
• Participate in threat modeling collaboration with other members of the security team.
• Work with, and provide feedback to, Engineers and the Red/Purple team, to help measure the efficacy of defenses, identify, and remediate gaps, and improve our security posture and defenses.
• Leverage SOAR (security orchestration, automation, and response) solution to automate repetitive tasks and simplify workflows.
• Assist with incident response as events are escalated, including triage, remediation, and documentation.
• Aid in threat and vulnerability research across event data collected by systems.
• Investigate and document events to aid incident responders, managers and other SOC team members on security issues and the emergence of new threats.
• Work alongside other security team members to hunt for and identify security issues generated from the network, including third-party relationships.
• Seek opportunities to drive efficiencies.
• Manage security event investigations, partnering with other departments (e.g., IT) as needed.
• Evaluate SOC policies and procedures and recommend updates to management as appropriate.
• Adhere to service level agreements (SLAs), metrics and business scorecard obligations for ticket handling of security incidents and events.
• Partner with the security operations team to improve tool usage and workflow, as well as other teams to mature monitoring and response capabilities.
• Leverage knowledge in multiple security disciplines, such as Windows, Unix, Linux, data loss prevention (DLP), endpoint controls, databases, wireless security, and data networking, to offer global solutions for a complex heterogeneous environment.
• Maintain working knowledge of advanced threat detection as the industry and the threat landscape evolves.
• At iHerb, you will have the ability to ‘choose your own adventure’ a percentage of the time in other areas of Cyber Security, including and not limited to:  Digital Forensics and Incident Response (DFIR), Incident Handling, SOC and Intrusion Analysis, Automation, Cyber Threat Intelligence, Dark Web Monitoring, Phishing Defense, Cyber Defense, and Offensive Security.
• Perform other duties as assigned.

The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job.  Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.

Knowledge, Skills and Abilities:

• At least 5+ years’ experience in information security monitoring and response, security operations, or related experience.
• Experience with Blue Team and/or Red/Purple Team and/or MSSP experience preferred.
• Experience working in a 24x7 operational environment, with geographic disparity preferred.
• Experience driving measurable improvement in monitoring and response capabilities at scale.
• Experience working with SIEM systems, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), file integrity monitoring (FIM), DLP and other network and system monitoring tools.
• A passion for analyzing logs, alerts, traffic directionality, and other aspects of Cyber Defense.
• General understanding of security fundamentals (cryptography, least privilege, segregation of duties, …) and general security technologies, including operating systems, network security (firewalls, VPNs, EDR, Web Content Filtering, etc.), security incident and event management, business continuity, physical security, identity management, directory services, etc.
• Knowledge of a variety of Internet protocols.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Working knowledge/experience with network systems, security principles, applications and risk and compliance initiatives such as Gramm-Leach Bliley Act (GLBA), Payment Card Industry (PCI-DSS), Health Information Portability and Accountability Ace (HIPAA), Sarbanes-Oxley Act (SOX) and the General Data Protection Regulation (GDPR).
• Understanding of Windows and *nix operating systems, endpoint applications, networking protocols and devices.
• Experience with Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).
• Understanding of AWS services: EC2, VPC, IAM, AWS Systems Manager, etc.
• Understanding of CVSS scoring, OWASP, the MITRE ATT&CK framework and the SDLC.
• A strong passion for cyber security, and ability to learn and work, in a fast paced and dynamic environment.
• Self-starter requiring minimal supervision.
• Strong work ethic, including consistent documentation and tracking of activities.
• High degree of accuracy and attention to detail.
• Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
• Excellent organization skills, accuracy, attention to detail, and ability to multitask.
• Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface.
• Highly organized and efficient, with an analytical and problem-solving mindset.
• Demonstrates highly effective communications skills, with ability to influence business units.
• Demonstrates strategic and tactical thinking, along with decision-making skills and business acumen.
• Works calmly under pressure and with tight deadlines and in high stress situations.
• Leads by example.

Equipment Knowledge:

• Experience with Cyber Defense security monitoring, SIEM tools, IDS/IPS, web filters, EDR/NGAV, SOAR, etc.
• Knowledge of incident generation, correlation, aggregation, tuning (noise to signal), packet/payload inspection, differentiating between true/false positives/negatives.
• Experience working with Splunk or equivalent SIEM’s, understanding dashboards, alerts, queries, regex, etc.
• Experience with cloud, systems, email, and network security.
• Experience with container platforms (Docker, Kubernetes, …) desired.
• Experience with various tooling in the Information Security space.
• Knowledge of IT/Information Security Audit and assessment.
• Knowledge researching, analyzing, and recommending information security solutions.
• Knowledge of information security practices and concepts including firewalls, intrusion detection/prevention, EDR, NetFlow analysis, access controls, risk analysis, vulnerability scanning, web content filtering, web proxy systems, DFIR, application whitelisting and data encryption.
• Security awareness and enterprise phish testing systems.
• Experience with Microsoft Office Suite (e.g., Word, Excel, PowerPoint, etc.).
• Experience with Google Workspace (e.g., Gmail, Drive, Docs, Sheets, Forms. etc.) preferred.

Experience Requirements:

Generally, requires a minimum of five (5) years of general work experience and one (1) year of relevant experience in functional responsibility. A minimum two (2) years of security monitoring, security operations, Blue Team and/or Red/Purple Team, and/or MSSP experience, preferred.

Preferably, one or more of the following certifications: GCIH, GCIA, GPEN, GWAPT, CISSP, or equivalent.

Education Requirements:

BA/BS or MA/MS in Engineering, Computer Science, Information Security, or Information Systems, or comparable training/experience, or a combination of education and equivalent work experience.

Judgment/Reasoning Ability:  Able to identify, troubleshoot and resolve problems quickly using sound judgment, poise, and diplomacy.  Ability to use judgment and reasoning skills, and determine when to escalate issues, as required, in a timely manner.

Physical Demands:  The physical demands described here are representative of those that must be met by a Team Member to successfully perform the essential functions of this job.  While performing the duties of this job, the Team Member is regularly required to talk and hear. The Team Member is frequently required to sit, walk, climb stairs, use hands and fingers, bend, stoop and reach with hands and arms.  Reaching above shoulder heights, below the waist or lifting as required to file documents or store materials throughout the workday.  The Team Member may occasionally lift or move office products and supplies up to 25 pounds.  Proper lifting techniques required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Work Environment:  The noise in the work environment is usually moderate.  Other factors are:

• Hectic, fast paced with multi-level distractions
• Professional, yet casual work environment
• Office / Warehouse environment
• Ability to work extended hours as required