SOC Analyst
Nouryon
- Houston, TX
- Permanent
- Full-time
- Security Information & Event Management (SIEM) solutions - ingesting log sources, tuning triggers and correlation rules to remove white noise, implementing new detections, and conducting maintenance / administration for the SIEM solution.
- Security Event Management - improving playbooks, analyzing events, kicking off incident management processes for escalations.
- Incident Management - support incident management activities as applicable, per assigned responsibilities.
- Respond to triggered cybersecurity events, conducting triage, analyzing impacts, contacting users, and escalating to incident management where thresholds are met.
- Policy Violation Response: Handle reported violations of rules, regulations, policies and standards related to cybersecurity, using the support framework provided by the Security Operations Center. Provide evaluations and recommend actions.
- Coordinate response efforts with managed security service providers, ensuring adherence to authorized playbooks and procedures.
- Support incident management planning efforts, to include maturing processes, assisting with tabletop exercises, and improving documentation.
- Supporting Role: Work alongside the Chief Information Security Officer (CISO) and Information Management (IM) Services teams to support security deliverables and operations.
- Bachelor's degree in business management, computer science, computer engineering, mathematics or equivalent work experience
- Certified SOC Analyst (CSA) or equivalent certifications: Certified Ethical Hacker (CEH), CompTIA Security+, GIAC Certified Intrusion Analyst
- In-depth knowledge of NIST and ISO standards and frameworks such as COBIT and ISO/IEC 27001 / 27002
- Significant relevant work experience and broad general knowledge of cybersecurity.
- Experience supporting and working on various cybersecurity technologies such as SIEM, Logging tools, firewalls, IDS/IPS, EDR, UEBA.
- Knowledge of authentication technologies such as privileged access management, Active Directory, etc.
- Experience triaging security events using a variety of tools and methodologies.
- Experience conducting incident response activities and seeing incidents through to successful remediation.
- Experience with a programming/scripting language such as Python, Perl or similar.
- Knowledge of networking and networking protocols.
- A minimum of 5 years of relevant work experience in cybersecurity, including supporting an international user base.
- Programming
- Incident handling and documentation
- Log analysis
- Security Information and Event Management (SIEM) operations
- Communication and collaboration
- Ability to work under pressure
- Able to manage and motivate team members
- Self-motivated and driven for results
- Training capabilities
- Good communication, writing and listening skills with the security team, suppliers, and colleagues at all levels in the organization
- Demonstrate professionalism and integrity
- Innovation and continuous improvement