SOC Analyst II

At Armor, we are committed to making a meaningful difference in securing cyberspace. Our vision is to be the trusted protector and de facto standard that cloud-centric customers entrust with their risk. We strive to continuously evolve to be the best partner of choice, breaking norms and tirelessly innovating to stay ahead of evolving cyber threats and reshaping how we deliver customer outcomes. We are passionate about making a positive impact in the world, and we're looking for a highly skilled and experienced product manager to join our dynamic team.

SUMMARY

Armor is seeking a talented and highly motivated individual to serve as a Security Operations Analyst L2 in the Armor SOC (Security Operations Center).

ESSENTIAL DUTIES AND RESPONSIBILITIES (Additional duties may be assigned as required.)

• Monitor, investigate, analyze, and remediate or escalate indications of compromised or breached systems and applications.
• Work closely with both technical and non-technical customers through the incident response process.
• Respond to inquiries in a timely manner, advising customers on security best practices.
• Advanced use of a large-scale multi-tenant SIEM and SOAR environment.
• Maintain knowledge of current and emerging cyber threats; grow relationships with other incident response professionals, industry partners and vendors.
• Analyze threats for unique indicators of compromise; work with fellow SOC team members to create countermeasures to aid in future prevention and detection of cyber threat activity.

REQUIRED SKILLS

• Familiar with industry standard security tools: NIDS/HIDS, NIPS/HIPS, WAF, NGFW, AV, FIM, EDR, SIEM (Sentinel, QRadar etc.) and SOAR.
• Critical thinker who can analyze and identify basic indicators of compromise on hosts and applications.
• Understand the structure and the meaning of logs from different log sources such as Firewall, IDS/IPS, Windows, Linux, Cisco Appliances, Antimalware software, email security etc.
• Fine Tune SIEM rules to reduce false positives and remove false negatives.
• Able to perform basic forensic analysis and live triage of hosts to include examining running processes, network connections, system logs, file system activity, and more for signs of anomalous behavior.
• Experience with fundamental networking, native cloud technologies, micro services, scripting, and automation concepts.
• Must be able to read and modify code (such as Python, Javascript, etc.) for both analysis and automation.
• Ability to work evenings/weekends as required and to be on-call 24x7 to serve as the escalation point for your team.
• Prior experience working directly as a security analyst required.
• Prior incident response experience is highly preferred including interactions with customers via phone calls, chat, incident tickets and emails.

Experience / Certifications:

• Must possess or be able to obtain at least TWO of the following certifications within 90 days of starting:
• Microsoft Certified: Security Operations Analyst Associate (SC-200)
• Microsoft Identity and Access Administrator Associate (SC-300)
• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Certified Ethical Hacker (CEH)

WORK ENVIRONMENT

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. The noise level in the work environment is usually low to moderate. The work environment may be in either an office setting, at the company's data center, at a client location or at an industry trade event.

Equal Opportunity Employer - It is the policy of the company to comply with all employment laws and to afford equal employment opportunity to individuals in all aspects of employment, including in selection for job opportunities, without regard to race, color, religion, sex, national origin, age, disability, genetic information, veteran status, or any other consideration protected by federal, state or local laws.