Detection And Response Analyst (l08)

Year    Hyderabad, Telangana, India

Job Description



Role Summary/Purpose: A Threat Detection Analyst participates in coverage for alert monitoring and incident detection and also supports preliminary incident response where appropriate. The L1 Analyst is responsible for the initial triage of security alerts and indicators generated by the incident monitoring systems (e.g. Splunk ES). This will require personnel to look at the highest number of alerts, while performing the lowest level of analysis. Analysts continuously monitor the alert queue for new alerts and are direct consumers of the JSOC configured security suite. The role determines if an alert is deemed an incident and will be required to query referential information such as events to add context to the alert.
Essential Responsibilities:

  • Monitors alerting tools and also handles escalated incidents from Helpdesk, Physical Security, Network Team and Customers.
  • Triages alerts as they come in and actions them appropriately.
  • Responds to common alerts in a consistent and repeatable manner from multiple alerting sources.
  • Responsible for triage of a variety of alerts stemming from C2 beaconing, malware, or phishing attempts.
  • Provides escalations of unknown threats to Level 2.
  • Identifies abnormal security events and triggers the call list / distribution list.
Qualifications/Requirements:
  • Minimum graduation degree with a minimum of 1 year of experience in SOC operations; in lieu of a degree, a minimum of 3 years of experience in SOC operations.
  • Ability to work in rotating shifts and also be on-call outside of shift hours on a regular and recurring basis.
  • Possess personal and professional integrity. Individuals will be required to submit to a background examination.
  • Good oral and written communication skills.
  • Possess desire to solve problems logically.
  • For Internal Applicants: Understand the criteria or mandatory skills required for the role, before applying.
  • Inform your Manager or HRM before applying for any role on Workday.
  • Ensure that your Professional Profile is updated (fields such as Education, Prior experience, Other skills); it is mandatory to upload your updated resume (Word or PDF format).
  • Must not be on any corrective action plan (First Formal/Final Formal, PIP).
  • Only employees who have completed 18 months in the organization and 12 months in their current role and level are eligible.
  • Level 5, 6 & 7 employees are eligible to apply.
Desired Characteristics:
  • Ability to perform logical problem solving.
  • Possess basic understanding of enterprise grade technologies including operating systems, databases and web applications.
  • Ability to read and understand basic system data including security event logs, system logs, application logs, and network traffic.
  • Demonstrate understanding of basic internet traffic concepts (e.g. DNS, HTTPS, HTTP).
  • Network infrastructure knowledge (e.g. router, switch, firewall).
  • Security best practices for operating systems such as Microsoft Windows or Red Hat.
  • Experience working in high-performing teams and an understanding of the dynamics of teamwork in a SOC environment.
Grade/Level: 08
Job Family Group: Information Technology

Job Detail

  • Job Id
    JD2915760
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Hyderabad, Telangana, India
  • Education
    Not mentioned
  • Experience
    Year