Title: SOC Analyst
Location: Atlanta, GA
Monitoring: monitoring email queue, ticket activity, alerts in SIEM, escalations from vendors, CTI teams, CSIRT and other teams. The purpose would be to ensure all esclations to L3 are quickly received, acknowledged, and actioned. The monitoring on the technical level would require reviewing alerts, activity, indications of infections and other security triggers to determine whether something malicious is occurring in the environment. This would require familiarity with various security products (e.g. SIEM, EDR, Proxies, Firewalls, etc.) as well as familiarity with attack methodologies.
Investigation & Analysis: the candidate should be versed in malware analysis, should know how malware is written (essential building blocks of how malware code is engineered and what it usually contains), its manner of execution, its lifecycle (across various MAF tactics & techniques) and how it escalates. Should know sand boxing concepts thoroughly and should have at minimal intro level understanding of reverse engineering concepts. This means the candidate should know import tables, libraries function calls, persistence, lateral movement methods, etc. The candidate should also be familiar with Windows System Internals (how the Windows OS functions)
The candidate should have a general investigative mindset and think like an investigator- asking the deeper questions to draw context, purpose, rationale, logic as to why the author/payload performed its operation. The candidate should know how to search & parse/sort through data sets such as process executions, dns calls, network connections, services installed, registry changes made on system and know how to hunt for those particular datasets - whether those are event logs, DC logs, authentication logs, netflow logs, sysmon logs, etc. The hunter should be able to form hypothesis as to what a particular event(s) may indicate and know how to prove/disprove the hypothesis, know how to pivot and reestablish consequential hypothesis from the results.
The candidate should have good communications skills, write clearly and to the point, be able to deliver content based on the audience it is intended for, have a generally good command of the English language.
The candidate should have a generally positive attitude, be driven, be a team player, seek creative ways to contribute to team and effort, be available, resourceful and independent thinker for the most part.
IDC Technologies Inc.