Soc Analyst - Remote

Soc Analyst - Remote

Posted 1 week ago by 1750937424

Apply
Negotiable
Outside
Remote
USA
Apply
Automation Azure Active Directory Cyber Incident Response Domain Name System (DNS) Servers Elastic (ELK) Stack LESS Linux Management Microsoft 365 Microsoft Azure Microsoft Windows Multi-Factor Authentication Network Security Oracle Linux Python (Programming Language) Scripting Security Administration Security Assertion Markup Language (SAML) Single Sign-On (SSO) Stakeholder Management Tanium (Endpoint Management Software) Vulnerability Vulnerability Management Windows PowerShell Windows Security Workflows Zabbix

Summary: The SOC Analyst role focuses on core Security Operations Center functions, particularly incident response, including detection, triage, containment, remediation, and post-incident reporting. Analysts will manage incidents end-to-end and collaborate with internal and external stakeholders while contributing to daily security administration across various systems. Strong communication skills and a proactive mindset are essential for success in this position.

Key Responsibilities:

  • Manage incidents end-to-end, including detection, triage, containment, remediation, and post-incident reporting.
  • Contribute to day-to-day security administration across systems such as CrowdStrike, Microsoft Entra, Duo, and Cisco Umbrella.
  • Identify and act on opportunities to improve the overall security posture.
  • Interface with both internal and external stakeholders as needed.

Key Skills:

  • CrowdStrike EDR: Investigation, alert triage, threat hunting.
  • Core Security Mechanisms in Windows.
  • Security Principals and Security Identifiers.
  • Access Tokens.
  • Security Descriptors, DACLS/Discretionary Access Control, Access Control Entries (ACEs).
  • Windows Privileges.
  • Kerberos and NTLM.
  • Windows security administration.
  • Basic Linux skills.
  • Basic scripting or automation skills (e.g., PowerShell, Python).
  • Microsoft Entra ID, including role-based access, MFA, SSO troubleshooting.
  • Familiarity with Cisco Duo or Microsoft MFA systems.
  • Basic knowledge of SSO (SAML) and troubleshooting auth integrations.
  • Strong communication skills.
  • Ability to work independently and write concise documentation.
  • Familiarity with incident coordination as part of a CSIRT/SOC function.

Salary (Rate): undetermined

City: undetermined

Country: USA

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Job Description

These analysts will be responsible for core SOC functions, with a strong focus on Incident Response including detection, triage, containment, remediation, and post-incident reporting. Candidates must be capable of managing incidents end-to-end and interfacing with both internal and external stakeholders as needed. Beyond incident response, the role includes contributing to day-to-day security administration across systems such as CrowdStrike, Microsoft Entra, Duo, and Cisco Umbrella. Analysts are expected to identify and act on opportunities to improve the overall security posture. All resources will report into the SOC and be functionally managed . Strong communication skills, the ability to work independently, and a proactive mindset are essential.

REQUIRED SKILL SET

  • CrowdStrike EDR: Investigation, alert triage, threat hunting.
  • Core Security Mechanisms in Windows: The IT environment is primarily windows. Candidates should have functional knowledge of core windows security mechanisms.
  • Security Principals and Security Identifiers
  • Access Tokens
  • Security Descriptors, DACLS/Discretionary Access Control, Access Control Entries (ACEs)
  • Windows Privileges
  • Kerberos and NTLM
  • OS & Core Platform Skills:
  • Windows security administration.
  • Linux OS security administration. This is a much small part of the environment and less critical. Basic Linux skills are sufficient.
  • Basic scripting or automation skills (e.g., PowerShell, Python).

Network & Identity:

  • Microsoft Entra ID (formerly Azure AD), including role-based access, MFA, SSO troubleshooting.
  • Familiarity with Cisco Duo or Microsoft MFA systems.
  • Basic knowledge of SSO (SAML) and troubleshooting auth integrations.

Soft Skills:

  • Strong communication skills, especially for status updates and external stakeholder interactions.
  • Ability to work independently and write concise, high-quality documentation.
  • Familiarity with incident coordination, ideally as part of a CSIRT/SOC function.

DESIRED SKILLS

DNS Security, preferably Cisco Umbrella.

Familiarity with Palo Alto firewalls and general network security principles.

Experience with log aggregation and monitoring platforms (e.g., Zabbix, ELK).

Experience with vulnerability management workflows.

Familiarity with Tanium and manual patching or software remediation.

Apply
Similar Jobs
Loading data...