SOC Analyst II

  • Full Time
  • Anywhere

Website ProCircular, Inc.

Passionate about cybersecurity, built around people.

Company Overview

ProCircular is about relationships and trust. We provide organizations with practical expertise and guidance to manage risk, improve security readiness, meet regulatory commitments, and continually address the latest cyber threats.

 

People are at the center of our philosophy, and quality is the cornerstone. We build trust by being approachable, realistic, and unbiased. Each client’s unique goals guide our work and every project produces a tangible result and a clear roadmap. We’re passionate about cybersecurity, serious about quality, built around people.

 

Position Summary

This position is responsible for working closely with team members and clients to proactively discover undetected threats through ongoing monitoring of the environment for vulnerabilities and threats for Manages Security Services clients.  You will serve as a primary responder for Managed Security customer systems, taking ownership of client configuration issues and tracking through resolution.

 

To perform this job successfully, an individual must be able to perform each essential job function satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability.

 

Essential Job Functions (include but are not limited to the following)

Engineer, implement and monitor security measures for the protection of computer systems, networks and information.
Flexible on-call participation as needed to support 24/7 Security Operations Center.
Identify and define system security requirements.
Design system security architecture and develop detailed security designs.
Prepare and document standard operating procedures and protocols.
Configure and troubleshoot security infrastructure devices.
Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
Reviews the latest alerts to determine relevancy and urgency.
Creates new trouble tickets for alerts that signal an incident and require Tier 2 / Incident Response review.
Eyes on glass monitoring of security incidents within established customer Service Level Agreements.
Assist as required in remediation of critical information security incidents
Reviews trouble tickets generated by Tier 1 engineers.
Reviews and collects asset data (configs, running processes, etc.) on these systems for further investigation.
Determines and directs remediation and recovery efforts.
First responder to security event escalations via email, phone and ticket
Communicates alerts to clients regarding intrusions and compromises to their network infrastructure, applications and operating systems
Tuning of rules, filters and policies for detection-related security technologies to improve accuracy and visibility
Assist with Incident Response and forensic investigations.
Operate with integrity and accountability.
Other duties as assigned.
Uphold the values of ProCircular and abide by the Company handbook.

 

Position Requirements

The requirements listed below are representative of the knowledge skills and abilities required. Employees who do not possess the requirements for a job at the time of hire will not be considered for the position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

 

Required Skills and Experience

Experience analyzing security event data for attack patterns and understanding attacker tactics.
Create alerts that trigger/activate on configured setting to deploy or sends email to a particulate destination email or groups.
Experience in creating automated log correlations in a SIEM to identify anomalous and potentially malicious behavior.
Ability to interpret IOC’s and use them efficiently for alerting.
Ability to recognize patterns and inconsistencies that could indicate complex cyber-attacks.
Proficiency in, at least one, programming and scripting language.
Experience using multiple online sources in order to identify new threats.
Proven understanding of monitoring devices such as firewalls, network and host-based intrusion detection systems, web applications, AV, WAF, Proxy and operating system logs.
Create documentation around the content deployed to the SIEM.
Demonstrated proficiency in developing SIEM correlation rules to detect new threats beyond current capabilities.
Manage appliance or virtual appliance OS and SIEM software.
Perform initial installation and ongoing maintenance of SIEM platforms for clients.
Create custom rules/rule modifications and custom reports/ report modifications as needed.
Troubleshoot issues with log sources or systems.
Responsible for mentoring and training of SIEM Engineer I employees.
Thorough understanding of the latest security principles, techniques, and protocols.
Capable of working effectively independently and in a team environment.
Must be self-motivated, goal and detail oriented.
Flexible and adaptable to changing work environment.
Ability to prioritize multiple tasks and manage time efficiently.
Communicate in a positive manner with clients and escalate any issues and/or messages accordingly.
Must be able to efficiently use Microsoft Word and Excel.
Desired Skills and Experience

Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
Strong knowledge of Ansible or Python scripting, indexing, and searching via Elasticsearch.
Experience working with internal and client ticketing and knowledge base systems for Incident and Problem Tracking, as well as procedures. (i.e. Jira, Confluence, etc.).
Knowledge of Linux and Windows Operating Systems.
Working knowledge of VMWare and HyperV
Working knowledge of Windows Active Directory Domains
Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).
Knowledge of cyber threats and vulnerabilities.
Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
Knowledge of incident response and handling methodologies.
Knowledge of network traffic analysis methods.
Knowledge of security system design tools, methods, and techniques.
Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN).
Knowledge of the common attack vectors on the network layer.
Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
Knowledge of cyber attackers (e.g., script kiddies, insider threat, nation/non-nation state sponsored).
Knowledge of system administration, network, and operating system hardening techniques.
Knowledge of pentesting methodologies.
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
Knowledge of how to use network analysis tools to identify vulnerabilities.
Experience with various SIEM security products such as Splunk, AlienVault, and Elastic.
Prior experience working with container-based technologies such as Docker and Kubernetes.
Prior experience working with the ELK stack including Elasticsearch.
Prior experience using Git/Github.
Prior consulting experience.
Natural curiosity to get to the root cause
Experience working with customers via the phone
Be able to lead internal technical projects
Critical thinking and analytical skills
Be familiar with using data visualization tools and penetration testing tools
Education and Experience Requirements

3+ years professional experience managing and maintaining SIEM systems.
2+ years professional experience working with networks and network architecture.
1+ year professional experience writing SIEM content.
Security certifications a plus (ex. CISSP, GCFA, GCIA, GCIH, CEH, etc.)
Military security clearance a plus.
Language Requirement

The primary language of ProCircular is English. Excellent communication skills are required, defined as the ability to:

Actively listen for total comprehension
Ask questions that enhance the understanding of a certain topic
Relay information and/or instruction in a descriptive and understandable fashion in both written and verbal format
Reasoning Ability Requirements

High-functioning, reasoning abilities are necessary to meet deadlines, prioritize company and customer needs, and work in a high functioning collaborative team environment.

 

Physical Requirements

Occasional lifting up to 40 lbs. may be necessary from time to time. Must be able to sit for long periods of time, view a computer monitor, and type frequently/constantly (up to 8 hours a day).

 

Travel Requirements

Valid driver’s license is required for occasional travel.

 

Schedule Expectations

Our normal hours of operation are from Monday through Friday, from 8:00 am to 5:00 pm.

 

Full-Time: Full-Time employees are defined legally as working at least 30 hours per week, however; full time positions at ProCircular require at least 40 hours. This position requires 40 hours worked within a regular workweek. Occasionally, time over 40 hours may be necessary in order to meet the requirements of the position. As long as performance expectations are met, employees may flex his or her schedule, subject to preapproval of one’s direct supervisor.

 

Supervision Requirements

This position does not have supervisory responsibilities.

 

Performance Expectations

All teammates are evaluated at least annually on their performance based on the essential job functions in this job description, along with ProCircular’s Core Values:

 

It’s about people

People define every part of our business. Growth potential is based on the abilities and personalities of the people involved. Technology solutions are a part of the equation, but it’s the people in an organization that define its true security. We work hardest when we’re supporting one another. We take care of each other; we take care of our families, and in doing so we take better care of our customers.

Fear is the mind killer

We don’t let fear define the need for our services and we don’t present a problem without discussing realistic response or mitigation options. There’s more than enough to worry about in life and plenty of people telling us to be afraid. We’re solutions people, not fear mongers.
Strong opinions lightly held

Opinions are important—they coalesce facts, reason, experience, and judgment into actionable points of view. We present our opinions with logic and reason rather than emotions, offering several alternatives to each challenge and the supporting data. The rejection of an idea is not a rejection of the individual or their merit. Everyone has a voice and a chance to speak, regardless of title, station or seniority.
Quality over speed, speed over cost

Every organization must consciously balance quality, speed, and cost. We will always put the quality of our work first. We make great efforts to move quickly, but never at the expense of quality. While we strive to keep our services affordable, we never choose an inexpensive alternative that will adversely impact quality or speed.
Cool heads, warm hearts

We keep a cool head and help others do the same, especially in a crisis. We approach adversity with patience, logic, and understanding. Mistakes happen; we don’t hide, ignore, condemn, or fear them. Mistakes are opportunities to exemplify honesty, accountability, professionalism, tolerance, and grace. Instead of pointing a finger, we use humor, empathy, and fun when it matters most.

R-E-S-P-E-C-T

We treat each other how we hope to be treated. We don’t yell; we aren’t condescending, and we always try to understand the other person’s perspective, before reacting to it. We keep it light and we listen. We extend this principle to our customers, and we understand that talking down to them is the easiest way to send them to a competitor.

Tomorrow just happened

Life is what happens when we’re busy making other plans. We work hard on today but we’re always thinking about the future. We take extra time to make sure we’re learning and looking ahead. No matter what your discipline or area of expertise, you’re adding your capabilities to the long-term plan for the organization and its clients.

To apply for this job please visit procircular.com.

Interest Form

Join A TAI Roundtable

Please fill out this form to indicate your interest in joining one of Technology Association of Iowa’s Roundtables.

Participation in the CIO, CISO or CEO Roundtables is exclusively reserved for technology executives of TAI member organizations with these (or comparable) job titles. All other TAI Roundtables is exclusively reserved for individuals employed by TAI member organizations. Not a member? Join now.

  • This field is for validation purposes and should be left unchanged.