SOC Analyst - Level II

We make technology personal!

KiZAN is an Industry leading Microsoft Professional Services and Managed Services Provider supporting Regional, National and Global clients. We personalize technology by sparking passion, fueling purpose, and building connections.

Here at KiZAN, we are one team, we support each other and take the initiative to solve problems. We are fully committed to the direction chosen and always support our mission. Being a part of KiZAN means that we win together, we create an inclusive atmosphere where everyone feels accepted, a sense of purpose, and we embrace collaboration.

OVERVIEW

A Level 2 Analyst is a subject matter expert responsible for managing threats, disseminating information, and handling, responding to and investigating all incident escalations from the Security Operations Center. Level 2 team members are responsible for coordinating with the CSIRT process when necessary and managing incidents throughout the event life cycle. Level 2 team members will further an investigation and ensure root cause and resolution for metrics, tracking, and lessons learned are compiled, documented, and disseminated in conjunction with the CIRT process.

They will provide insight and expertise to examine malicious code (malware), attack vectors, network communication methods, analyze threats against target systems and networks, determine target network capabilities and vulnerabilities, support development and maintenance of new tools and techniques to exploit specific targets, and produce technical after-action reports in support of the SOC. Level 2 members will be the focal point for critical security Alert, Events, and Incidents and will serve as subject matter experts in providing recommendations to the SOC Incident Manager and other members of Information Security and IT management for escalation and remediation. Level 2 Analysts are also responsible for training and mentoring their Level 2 and Level 1 peers to improve SOC Analyst capability. Finally, Level 2 members will work with the SIEM/SOAR Engineers to develop and refine use cases within Microsoft Sentinel focusing on emerging threats.

The SOC Analyst reports to the SOC Manager and works in conjunction with the other team members to keep projects delivered on time and within budget.

JOB REQUIREMENTS

Knowledge and Experience

To be successful in this position, a candidate should have at least two years of hands-on experience as a Level 2 SOC analyst leveraging Microsoft Sentinel, M365 Defender products, and Microsoft Defender for Cloud in production environments. Teamwork and collaboration skills will be critical for this role. The ideal candidate will have knowledge of and experience with the SOC framework and be confident in their ability to make recommendations to improve upon operations.

Certification Path

At a minimum, the Microsoft Security Operations Analyst (SC-200) and Microsoft Cybersecurity Architect (SC-100) certifications or the ability to get one within 180 days of being hired. Training materials provided and the cost of the relevant tests will be covered.

Within year one employment, one of the following or otherwise approved additional certifications will be obtained: ITIL, CISSP, GSEC, CISA, SEC+, CEH, CySA+, AZ-500, MS-500.

AREAS OF RESPONSIBILITY

The SOC Analyst must be able to perform the following duties unassisted or with some reasonable accommodation made by the organization:

Cybersecurity Operations:

• Cybersecurity Analysis, Detection and Response: 40%
  • Manage SOC event and information intake to include gathering intelligence reports, monitoring ticket queues, investigating reported incidents, and interacting with other security and network groups as necessary.
  • Continuously monitor network traffic and systems for security anomalies, intrusions, or breaches. Perform research and use systems and tools in places, such as SIEM, XDR, NAC, and other
  • Investigate Level 1 escalated Incidents.
  • Ensure SOC Triage Tagged Incidents are addressed in a timely manner using available reporting and metrics.
  • Monitor Level 1 Analyst performance investigating incoming Incidents using SOC-available tools.
  • Respond to attempted efforts to compromise security controls using documented procedures.
  • Participate in incident response exercises.
  • Coordinate with SIEM Engineers to tune Alerts and Events
• Cybersecurity Vulnerability and Threat Mitigation: 40%
  • Perform regular vulnerability assessments and security analyst of information technology systems.
  • Create reports showing risk and priorities and share findings with appropriate stakeholders and coordinate with them to implement security patches and other mitigation
• SOC process refinement and cross training: 20%
  • Improve SOC processes to elevate response efficiency.
  • Consult the organization on security tool improvements for customers.
  • Mentor Level 2/Level 1 Analysts to improve detection/analytical capabilities within the SOC.
  • Interview potential SOC resources and provide feedback.
  • Drive and monitor shift-related metrics processes ensuring applicable reporting is gathered and disseminated per SOC requirements.
  • Serve as shift subject matter experts on incident detection and analysis techniques providing guidance to junior analysts and making recommendations to organizational managers.
  • Track tactical issues in execution of SOC responsibilities.

Other

• Communicate effectively, both orally and in writing, to clearly express ideas and opinions.
• Demonstrates teamwork, is receptive to and acts upon input from others, is willing and able to compromise as needed, displays willingness to work with all firm employees, and willingly assists others.
• Demonstrates initiative and contributes new ideas; is self-motivated.
• Demonstrates flexibility; willing to adjust to changes, able to work with all levels of firm employees.
• Works with tight deadlines and under pressure.
• Always exhibits positive leadership characteristics to the team, both in terms of improving processes and procedures and being proactive about the nature and scope of the team’s work.
• Generates and maintains documentation on SOC procedures performed and publishes such materials as appropriate.
• Travels to any office location when needed, with at least a one (1) week notice.
• Willing and able to work extended hours and rotate on-call duties to ensure customer incident response.
• Performs other duties, responsibilities, and special projects, as requested.

EEO/AA Employer