Sr. SOC Analyst
We are seeking a Sr. SOC Analyst to join the Oracle+NetSuiteSecurity team responsible for securing systems, infrastructure, services anddata.
The Security Operations Center Analyst will use data collectedfrom a variety of information security tools and sources (including intrusiondetection system alerts, firewall and network traffic logs, and host systemlogs) to analyze events that occur within the enterprise, perform threatanalysis, and handle response activities related to potential securityincidents.
The candidate must be able to routinely evaluate prioritiesbased on the dynamic nature of the environment. The role requires closecollaboration with peers across multiple geographic regions to discuss issues,solutions, and investigations.
Partnership with multiple internal security,operations, and business teams is paramount for success and overall improvementof security operations.
Mentoring is highly encouraged to develop professionalrelationships and grow colleagues.
Respond to security potential incidents, draft comprehensive incident reports, document and execute lessons learned
Identify security events requiring immediate escalation and response
Document and communicate analysis of research and findings to peers and leadership
Monitor and analyze security events, networktraffic, and security alerts across the enterprise
Perform advanced analysis of security events and alerts
Correlate events from multiple sources during investigations
Assist with ongoing development and improvementof processes, detection capabilities, and response procedures to improveoverall SOC functions
Conduct investigations of potential intrusionattempts to determine remediation actions and escalation paths
Facilitate meetings to collaborate with internalteams to identify, resolve, and mitigate attacks and exploits
Perform incident response and handling following documented procedures
Track investigation activities during anincident, including identifying next steps, spanning across multiple shifts
Monitor external data sources to maintain awareness of threat condition and determine which security issues may have an impact on the enterprise
Lead a team of junior analysts
Required Skillsand Experience :
Knowledge of security controls including networksecurity technologies (IDS, IPS, firewall, WAF, and RASP), OS hardening, fileintegrity monitoring, authentication
Strong understanding of system and network security threats and vulnerabilities
Hands-on experience with TCP / IP and data packet capture analysis, networking fundamentals, common network services, network vulnerabilities and network attack patterns
Experience in security event monitoring and triage, incident response, and / or system / network auditing
Hands-on experience using SIEM for data analysisand EDR tools for response purposes
Familiarity with network and endpoint securityapplications and tools including network scanning tools, NIDS / HIDS, firewallsand web proxies
Self-motivated, excellent analytical and problemsolving and critical thinking skills
Exercise sound judgement calls for investigativepurpose, including making the determination to close a case
Ability to proactively and clearly communicatewith other technical and non-technical teams during investigations, lessonslearned, and to learn about the environment
Experience writing detailed incident reports andupdates on a regular basis
2+ years leading a team of analysts
5+ years as a SOC Analyst
10+ years in Information Technology preferablyas a security engineer, system administrator, or network engineer
Bachelor’s degree in Computer Science,Computer Engineering, MIS, or relatedfield
Effective time management skills bycompleting assignments or delivering updates within required deadlines
Preferred Skillsand Experience :
Experience with Linux system administration, scripting, log parsing, vulnerability assessments / penetration testing, or vulnerability management
Scripting, programming knowledge and experience
Familiarity with industry recognized frameworksincluding but not limited to MITRE ATT&CK, ADS, NIST 800, and CIS
Recognized industry certification and / orcontinuing education programs are a major plus including GCIH, GCIA, CISSP,GCFA, GMON, GREM, GNFA
Advanced understanding of Unix & Windows functionality,access control, event logs and monitoring; application and network security
Working knowledge of forensics, incidentresponse and threat hunting methodologies for a cloud service provider
Detailed Description and Job Requirements
Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs.
Researches attempted efforts to compromise security protocols. Maintains security systems for routers and switches. Administers security policies to control access to systems.
Maintains the company’s firewall. Uses applicable encryption methods. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information.
Leading contributor individually and as a team member, providing direction and mentoring to others. Work is non-routine and very complex, involving the application of advanced technical / business skills in area of specialization.
Prefer 8 years relevant experience and BA / BS degree.
As part of Oracle's employment process candidates will be required to successfully complete a pre-employment screening process.
This will involve identity and employment verification, professional references, education verification and professional qualifications and memberships