neteffects
Job Description

Security Operations Center Analyst - Remote
Long term contract for American Company.

A Tier 3 SOC Analyst serves as a critical escalation point and deeper investigation resource within the SOC structure. They are expected to possess a more advanced skillset and broader knowledge base than Tier 2 analysts, allowing them to handle more complex security incidents and contribute to proactive security measures.

I. Incident Investigation and Analysis

Advanced Alert Triage and Analysis
- Thoroughly investigate security alerts escalated from Tier 2 or directly generated by security tools.
- Reconstruct event timelines, analyze logs across multiple systems, and correlate disparate data points.
- Deeply understand the context of security incidents, including affected assets, business impact, and potential attack vectors.
- Differentiate between true positives, false positives, and potential false negatives.
- Provide actionable guidance to Tier 2 analysts and relevant teams on containment and remediation actions.

Complex Security Incident Handling
- Lead investigations for complex incidents, such as APTs, malware outbreaks, or significant data breaches.
- Perform malware analysis, including sandbox reports and identification of indicators of compromise (IOCs).
- Conduct network traffic analysis using tools like Wireshark to identify malicious activity.
- Perform endpoint forensic investigations using EDR tools to analyze process execution and registry modifications.
- Analyze logs across SIEMs, firewalls, and operating systems to identify advanced threats.

II. Threat Intelligence and Proactive Security

Threat Intelligence Utilization
- Actively consume and integrate threat intelligence into security investigations.
- Contextualize threats by identifying potential threat actors and their tactics, techniques, and procedures (TTPs).
- Participate in threat hunting activities based on threat intelligence and anomaly detection.

Detection Engineering and Improvement
- Tune and optimize detection rules in SIEM, IDS/IPS, and EDR tools to reduce false positives.
- Identify gaps in detection coverage and propose improvements.
- Develop new detection rules under the guidance of senior analysts.

III. Tooling, Technology, and Technical Proficiency

Advanced Security Tool Proficiency
- Proficiently use SIEM platforms for alert analysis, correlation, and reporting.
- Expertly leverage EDR tools for endpoint investigation, containment, and forensic analysis.
- Analyze firewall logs and contribute to rule tuning.
- Understand IDS/IPS principles and review alerts for suspicious activity.

Scripting and Automation
- Develop scripts in Python or PowerShell to automate security processes and data analysis.

IV. Collaboration, Communication, and Escalation

Collaboration with Tier 2 and Other Teams
- Provide guidance and mentorship to Tier 2 analysts.
- Communicate findings clearly to both technical and non-technical audiences.
- Escalate complex or high-severity incidents to the Incident Response Team with proper documentation.

V. Knowledge of Threat Actor Tools, Tactics, and Behavior

Understanding of TTPs
- Possess strong knowledge of common attack vectors (phishing, malware, web application attacks).
- Understand attacker methodologies across different attack stages (reconnaissance, initial access, persistence, etc.).
- Stay updated on emerging cyber threats and attack trends.
If the job (29374831746) Security Operations Center Analyst - Remote in Recife / PE matches your expectations, send your résumé now.