Kpmg India Services Llp

Security Operations Center Analyst

Kpmg India Services Llp
Bengaluru/Bangalore
Not disclosed
Work from Office
Full Time
Min. 2 years

Job Description

Consultant

The Security Operations Center (SOC) Analyst is primarily responsible for monitoring and responding to alerts generated by the SIEM. The role requires experience in a SOC environment and the incident response process, and the ability to analyze threats, risks, and impact. The SOC Analyst will be a member of the Digital Security Group and work under the supervision of the SOC Manager, Digital Security. This is a shift position, on rotation to provide 24x7x365 coverage.

Responsibilities

The Security Operations Center (SOC) Analyst will be responsible for monitoring, analyzing, triaging, and remediating alerts generated by the monitoring tools, and for escalating alerts to the SOC Manager, IR and remediation teams as deemed necessary from the analysis. Monitoring includes daily review of the product consoles, analyzing the events, and determining which events are actionable. Responsibilities include but are not limited to:

· Conduct real-time, continuous 'eyes-on-glass' monitoring of security events, responses, and reporting.

· Acknowledge tickets in ITSM according to defined service level agreements.

· Perform security event triage and validate potential threats following standard processes and procedures.

· Analyze, contextualize, and monitor security alerts from various advanced security platforms.

· Utilize internal and external data sources to research and enrich event information, determining if an event warrants classification as an "incident."

· Validate IOCs, investigate intrusion attempts, and conduct in-depth analysis and correlation of host-based logs, network traffic, and other data sources.

· Conduct continuous monitoring of event logs, evaluating, analyzing, and correlating triggers based on established Threat Use Cases.

· Diagnose events using identification playbooks to discern false positives or duplicates.

· Execute daily tasks including ticket review; investigate security events effectively, communicate findings, and escalate concerns to senior staff and/or the SOC Manager as needed, per the established playbooks and SOPs (Standard Operating Procedures).

· Identify and prioritize incidents based on organizational impact or threat severity.

The position is part of a 24x7x365 shift rotation, which will require after-hours and weekend work; it may also require on-call work as needed to support KPMG business needs.

What you bring to the role

· 3-year college degree or higher

· 2+ years of experience in a SOC environment in the areas of incident detection and response, remediation, malware analysis, or Incident Response / forensics

· Hands-on experience with Microsoft Sentinel or other SIEM and EDR/XDR technologies: creating and running queries, performing analytics, and examining logs and console events.

· Exposure to Microsoft Defender Endpoint, CSPM/CWP, or similar technologies

· Experience in Web Application Firewalls and API security

· Knowledge or experience in cloud security (Azure)

· Good understanding of SANS and MITRE ATT&CK Frameworks.

· Any industry-relevant certifications such as CISSP, CISM, SANS, CISA, CompTIA Security+, CompTIA CySA+ or GIAC are an asset.

· Strong understanding of business processes and ability to manage change / adhere to change management processes.

· Great communication skills

Nice to Have:

· Knowledge or experience in cloud security (GCP or AWS)

· Experience in malware analysis and reverse engineering

Experience Level

Mid Level

Job role

Work location: Bangalore, Karnataka, India
Department: IT & Information Security
Role / Category: IT Security
Employment type: Full Time
Shift: Day Shift

Job requirements

Experience: Min. 2 years

About company

Name: Kpmg India Services Llp
Job posted by Kpmg India Services Llp
