Security Analyst I
| Company | Deepwatch |
|---|---|
| Location | Washington, DC, USA; Tampa, FL, USA |
| Salary | $60000 – $84000 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Entry Level/New Grad, Junior |
Requirements
- A basic understanding of cyber security principles, concepts and practice with a focus on SOC operations, alert triage and investigations
- Know your way around SIEM platforms (Splunk preferred), how to perform queries and leverage various log sources to perform investigations
- Articulate the process involved in pivoting to other log sources, cloud systems, or consoles to perform a comprehensive analysis from multiple data sources
- Have a basic understanding of modern EDR, email security and cloud identity platforms
- Review SIEM alerts and determine what additional sources or intelligence are needed to reach a conclusion, relying on peers to help improve your skills and capabilities
- A strong understanding of all basic ports and protocols
- Familiarity with Windows, Mac, and Linux file path structure
- Familiarity with OSINT, TTPs and IOCs
- Strong written and verbal communication skills with the ability to produce well-written reports and analysis that are thorough, accurate and complete
- Provide the customer with a complete understanding of the investigation
Responsibilities
- Support incident handling processes across multiple platforms and security technologies including Windows, Linux and macOS
- Monitor a queue of security events generated by the Deepwatch platform SOAR, triage events based on their criticality, and escalate validated security events to customers
- Document and manage incident cases in our case management system
- Keep up-to-date with information security news, techniques, and trends
- Identify and report any gaps in log collection or reporting as soon as possible to the customer and Deepwatch Engineering
- Become proficient with Splunk, ServiceNow and other third-party threat intelligence tools as required
- Perform security detection analysis and investigations using SIEM and SOAR technologies, leverage Deepwatch proprietary tooling and intelligence, and maintain SLAs
- Act as the first line of defense during security events by triaging and investigating alerts within a customer’s environment
- Produce high-quality written and verbal communications, recommendations, and findings to customer management in a timely manner
- Continue to sharpen your skills and capabilities on the job, and through the Deepwatch development program
Preferred Qualifications
- CEH, CySA, GSEC, Sec+, or equivalent certification preferred
- A college degree in Information Security or IT, related training, certifications or on-the-job experience