SOC Analyst III

At Armor, we are committed to making a meaningful difference in securing cyberspace. Our vision is to be the trusted protector and de facto standard that cloud-centric customers entrust with their risk. We strive to continuously evolve to be the best partner of choice, breaking norms and tirelessly innovating to stay ahead of evolving cyber threats and reshaping how we deliver customer outcomes. We are passionate about making a positive impact in the world, and we’re looking for a highly skilled and experienced product manager to join our dynamic team.

SUMMARY

Armor is seeking a talented and motivated individual to serve as a Security Operations Analyst L3. The Analyst would perform advanced, senior-level cybersecurity analysis work. The role involves protecting cybersecurity assets and delivering cybersecurity incident detection, incident response, threat assessment, cyber intelligence, software security, and vulnerability assessment services. May supervise the work of others. Works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.

ESSENTIAL DUTIES AND RESPONSIBILITIES (Additional duties may be assigned as required.)

• Performs deep-dive analysis of information systems, portable devices, and forensic recovery of data using assessment tools.
• Monitor, investigate, analyze, and remediate indications of compromised or breached systems and applications.
• Perform Incident Response triage of live hosts, interacting with various Operating Systems [Win/Linux].
• Use and reporting of a large-scale SIEM and Data Analytics implementation in a dynamic cloud service provider environment.
• Work with customers through the Incident Management process based on NIST 800-53 and SANS best practices when issues are detected.
• Monitor and enforce guidelines for best practices in security and compliance in accordance with NIST 800-53.
• Research and investigate new and emerging threats and vulnerabilities.
• Participate in security communities.
• Review, maintain, and develop processes and procedures for information collection, analysis, and dissemination.
• Mentor junior analysts and serve as an escalation point during Incident Response activities.

REQUIRED SKILLS

• Thorough understanding of Operating Systems [Win/Linux], Networking, and Information Security.
• Thorough understanding of security threats, threat analytics and current mitigation techniques.
• Skilled in Incident Response and network security monitoring.
• Public Cloud Administration knowledge (Azure, AWS, GCP).
• Hands-on experience with a range of security tools such as IDS, WAF, Anti-malware, FIM, and others.
• Technically proficient in network communication using IP protocols, system administration knowledge of computer network defense operations (proxy, firewall, IDS/IPS, route/switch).
• System security and SIEM operations experience.
• Ability to work evenings/weekends shifts as required and to be on-call 24x7 to serve as the escalation point for your team. Available on call.
• Experience in security incident reporting and procedures.
• Able to handle private and confidential information with physical and ethical care.
• Excellent communication (oral and written), interpersonal, organizational, and presentation skills including interactions with customers via phone calls, chat, incident tickets and emails.
• Creative problem solver with effective resolution ability and analytical skills.
• Able to articulate technical ideas at multiple levels, ability to establish and maintain credibility with business constituents at all levels.
• Must be effective in managing time, and service levels, and prioritizing tasks between a diverse set of assigned duties.
• Must possess or be able to obtain the following certifications within 90 days of starting:
  • Microsoft Certified: Security Operations Analyst Associate (SC-200)
  • Microsoft Identity and Access Administrator Associate (SC-300)
  • Microsoft Certified: Azure Security Engineer Associate (AZ-500)
  • Certified Ethical Hacker (CEH)
• 5-10 years of direct experience in the field of Information Security required including an educational background in a related technical discipline, or the equivalent combination of education, professional training, or work experience.
• Other desirable certifications include CISSP, CISA, OSCP, and GCFA.
• Self-starter and self-learner with the ability to work in a flexible and production-orientated environment/ adaptability to change.
• Consistently leads with a curious mind to stay abreast of emerging trends, tactics, and an ever-changing technological landscape to enhance Armor’s Security Posture.

WORK ENVIRONMENT

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. The noise level in the work environment is usually low to moderate. The work environment may be in either an office setting, at the company’s data center, at a client location or at an industry trade event.

Equal Opportunity Employer - It is the policy of the company to comply with all employment laws and to afford equal employment opportunity to individuals in all aspects of employment, including in selection for job opportunities, without regard to race, color, religion, sex, national origin, age, disability, genetic information, veteran status, or any other consideration protected by federal, state or local laws.