Randstad SOC Analyst in Los Angeles, California
Los Angeles, CA
Friday, September 30, 2016
This is a technical, hands-on role within the Bank's mission-critical, 24/7 production environment. The person is primarily responsible for monitoring and analyzing network traffic and security event data, and for responding in a timely and appropriate manner to events or incidents that may impact the production environment. This role will investigate intrusion attempts and perform in-depth analysis of exploits. This role must also be flexible and able to collaborate well with other staff in discussing production-impacting issues, reviewing relevant security event logs, and escalating significant items as appropriate. We're looking for a self-starter with strong technical skills in the field.
Responsibilities
- Monitor and analyze network traffic and security event data.
- Investigate intrusion attempts and perform in-depth analysis of exploits.
- Provide network intrusion detection expertise to support timely and effective decisions on when to declare an incident.
- Conduct proactive threat and compromise research and analysis.
- Review security events populated in a Security Information and Event Management (SIEM) system.
- Analyze a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.
- Conduct digital forensics and malware triage analysis.
- Independently follow procedures to contain, analyze, and eradicate malicious activity.
- Document all activities during an incident and provide leadership with status updates throughout the life cycle of the incident.
- Create a final incident report detailing the events of the incident.
- Provide information regarding intrusion events, security incidents, and other threat indications and warning information to US government agencies.
- Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
- Assist with and resolve user logon or other access-related issues that are reported and escalated.
- Foster and maintain good relationships with colleagues to meet expected customer service levels.
- Maintain contact with vendors, industry peers, and professional associations to keep informed of existing and evolving industry standards and technologies.

Requirements
- Minimum two years of experience in a SOC, NOC, or other security or technical support role required.
- Minimum two years of experience working with security and/or network-related tools such as IPS/IDS, SIEMs, and other monitoring and incident response tools required.
- Minimum two years of experience working with Windows and Linux servers in an enterprise environment required.
- Highly motivated individual with the ability to self-start, prioritize, multi-task, and work in a team setting.
- Security-related certifications (such as SANS GIAC, GSEC, CISSP, CISM, CEH, etc.) are a plus.
- Familiarity with network security methodologies, tactics, techniques, and procedures.
- Experience reviewing and analyzing network packet captures is a plus.
- Experience performing security/vulnerability reviews of network environments.
- Comprehensive understanding of the TCP/IP protocol suite, security architecture, and remote access security techniques/products.
- Experience with enterprise anti-virus solutions and virus outbreak management, and the ability to differentiate virus activity from directed attack patterns, is a plus.
- Experience monitoring, detecting, and contributing to response efforts against advanced persistent threats is a plus.
- Knowledge of digital forensic and static malware analysis techniques is a plus.
- Working knowledge of network architecture is a plus.
- Strong research background using an analytical approach is a plus.
- Must be able to react quickly, decisively, and deliberately in high-stress situations.
- Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, and interact with customers.