Senior Security Analyst-GSOC
Job Description
Reviews alerts generated by SentinelOne and implement appropriate containment and mitigation measures
Analyzes payloads using JoeSandbox and escalates to the appropriate team as necessary
Collaborates with the Forensics team to conduct threat hunting using identified Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs)
Assists the Tiger Team in targeted collections of systems based on identified malicious activities in the client's environment
Conducts historical log reviews to support threat hunting efforts and ensures all malicious artifacts are mitigated in the SentinelOne console
Examines client-provided documents and files to supplement the SOC investigation and mitigation strategy
Stays up to date on the latest Threat Actor Tactics, Techniques and Procedures (TTPs)
Conducts perimeter scans of client infrastructure and reports any identified vulnerabilities to the Tiger Team for appropriate escalation
Manages client-related tasks within the ConnectWise Manage ticketing system as part of the Client Handling Lifecycle
Creates user accounts in SentinelOne console for the client
Generates Threat Reports showcasing activity observed within the SentinelOne product
Execute passphrase exports as needed for client offboarding
Submit legacy installer requests to ensure the team is properly equipped for deployment
Provides timely alert notifications to the IR team of any malicious activity impacting our clients
Assists with uninstalling/migrating SentinelOne
Generates Ranger reports to provide needed visibility into client environments
Manages and organizes client assets (multi-site and multi-group accounts)
Applies appropriate interoperability exclusions relating to SentinelOne and client applications
Performs SentinelOne installation / interoperability troubleshooting as needed
Contributes to the overall documentation of SOC processes and procedures
Investigates alerts escalated by Analysts (Tier I – Tier II)
Escalates alerts to Tier IV as necessary
Investigates alerts generated via custom rulesets
Attends client calls to provide updates related to alerts seen on a client network, as needed
Develops custom SentinelOne interoperability exclusion(s) on client request
Contributes to the tuning and recommendation as it relates to the custom rulesets
Participates in “Handler on Duty (HOD) shifts” as assigned to support the Tiger Team(s) client matters
Develops internal Training/Process Documentation
Contributes ideas or helps build innovations to increase SOC efficiencies
Performs client external EDR/EPP threat hunts (Carbon Black, CrowdStrike, etc.)
May perform other duties as assigned by management
Skills And Knowledge
Advanced understanding of Windows and Unix operating systems
Thorough knowledge of EDR capabilities and investigations
Advanced understanding of Digital Forensics and Incident Response practices
Comprehensive analysis techniques for reviewing large datasets in various formats
Strong analytical and problem-solving skills
Demonstrated experience in threat intelligence and research
Demonstrated experience in malware analysis and reverse engineering
Expertise in PowerShell and Python scripting languages
Thorough understanding of TCP/IP and OSI Model concepts
Thorough understanding of the Incident Response Life Cycle stages (Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned)
Thorough understanding of the MITRE ATT&CK framework
Proven ability to work independently and solve complex problems with little direction from management.
Highly detail-oriented and committed to producing quality work
Job Requirements
Bachelor's Degree and 6+ years of IT security related experience or Master's or Advanced Degree and 5+ years related experience
Expert experience with Endpoint Detection and Response (EDR) toolsets
Advanced experience working on a SOC/CIRT team
Ability to communicate in both technical and non-technical terms both oral and written
2+ Information Security Certifications (GIAC, Offensive Security, EC-Council, ISC2) preferred
DISCLAIMER
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified.
WORK ENVIRONMENT
While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job.
PHYSICAL DEMANDS
No physical exertion required
Travel within or outside of the state
Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects
TERMS OF EMPLOYMENT
Salary and benefits shall be paid consistent with Arete salary and benefit policy.
FLSA OVERTIME CATEGORY
Job is exempt from the overtime provisions of the Fair Labor Standards Act.
DECLARATION
The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.
EQUAL EMPLOYMENT OPPORTUNITY
We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, ****** orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.
When you join Arete…
You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.
Equal Employment Opportunity
We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, ****** orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
