SOC Analyst – Level 1
| Field | Value |
|---|---|
| Company | Citigroup |
| Location | Irving, TX, USA |
| Salary | $96400 – $144600 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Mid Level |
Requirements
- 3+ years’ hands-on experience working in a SOC environment as it relates to the technologies and functions provided below
- Experience with SIEM tools like LogRhythm, ArcSight, SumoLogic, Splunk, etc.
- Experience with EDR tools like SentinelOne, CrowdStrike, Microsoft Defender for Endpoint, etc.
- Experience working with Email Threat Protection tools such as Proofpoint, Ironscales, Darktrace, etc.
- Experience with Sandbox analysis tools (e.g., Datadog or comparable tools)
- Experience with PCAP analysis tools to determine malicious traffic
- Deep understanding of Intrusion Detection analysis (TCP/IP, packet level analysis) and Application Layer Protocols (HTTP)
- Advanced understanding of various operating systems (Windows/UNIX), and web technologies focused on Internet security
- Knowledge of current Cyber Fraud trends including common Account Takeover techniques and banking malware
- Knowledge of cutting-edge threats and technologies affecting Web Applications
- Knowledge of how Content Delivery Networks (CDN) work is a plus
- Understanding of or exposure to vulnerability assessment, penetration testing, or forensic analysis is a big plus
- Consistently demonstrates clear and concise written and verbal communication
- Proven influencing and relationship management skills
- Proven analytical skills
Responsibilities
- Identify significant IS threats and vulnerabilities
- Follow pre-defined actions to handle BAU and high-severity issues, including escalating to other support groups
- Execute daily ad-hoc tasks or lead small projects as needed
- Create and maintain operational reports for Key Performance Indicators and weekly and monthly metrics
- Perform assessments and provide troubleshooting to help isolate technical issues based on a dynamic threat landscape
- Participate in ad-hoc conference calls as needed to manage quality assurance and documentation related tasks
- Identify areas for tuning use cases to enhance monitoring value
- Engage with Fraud Policy, Operations, Strategy and other teams for early detection, prevention and mitigation of detected fraudulent activities
- Function as part of the Security Incident Response Team with incident investigations and aid in technical risk assessments
- Coordinate with system development and infrastructure units to identify Information Security (IS) risks and the appropriate controls for development, day-to-day operation, and emerging technologies
- Monitor vulnerability assessments and ethical hacks, ensuring that issues are addressed for the applications that they support
- Identify and develop new and improved technical procedures and process control manuals
Preferred Qualifications
- Certifications from EC-Council, GIAC, (ISC)² are preferred (e.g., CISSP, GCIA, CCNA)