Company Overview
ProCircular is about relationships and trust. We provide organizations with practical expertise and guidance to manage risk, improve security readiness, meet regulatory commitments, and continually address the latest cyber threats.
People are at the center of our philosophy, and quality is the cornerstone. We build trust by being approachable, realistic, and unbiased. Each client's unique goals guide our work; every project produces a tangible result and a clear roadmap. We're passionate about cybersecurity, serious about quality, and built around people.
Not only are we an incredible company doing extraordinary things, but we care about our employees and encourage an innovative and open environment offering excellent and even some unique benefits for our team members.
Position Summary
This position is responsible for conducting the technical aspects of response operations for critical events. These operations include immediate containment, investigation, and management of remediation actions, as well as enhancing defenses with the new knowledge acquired throughout the response process. This role requires the ability to develop skills on multiple security products and work closely with the staff of higher tiers, service delivery, and clients to provide ongoing communication of status and timely response to tickets.
To perform this job successfully, an individual must be able to perform each essential job function satisfactorily. The lists below represent this position's required and preferred knowledge, skill, and abilities.
Essential Job Functions (include but are not limited to the following)
- Review the latest alerts to determine relevancy and urgency.
- Create new trouble tickets for alerts that signal an incident and require Tier 2 / Incident Response review.
- Eyes-on-glass monitoring of security incidents within established customer Service Level Agreements.
- Assist as required in the remediation of critical information security incidents.
- Review trouble tickets generated by other team members.
- Review and collect asset data (configs, running processes, etc.) on these systems for further investigation.
- First responder to security event escalations via email, phone, and ticket.
- Communicate positively with clients and escalate any issues and messages accordingly.
- Manage and monitor assigned security platforms while following established procedures.
- Complete assigned projects on time and with excellent quality.
- Practice continual self-improvement through education, training, and certification.
- Write documentation for tasks, procedures, and knowledgebase articles needed to support the understanding and efficiency of SOC services.
- Assist with determining client needs and obtaining clarification as required to appropriately triage client requests to the appropriate resource.
- Flexible on-call as needed to support 24/7/365 security operations.
- Operate with integrity and accountability.
- Uphold the values of ProCircular and abide by the Company handbook.
- Other duties as assigned.
Position Requirements
The requirements listed below represent the knowledge, skills, and abilities required. Employees who do not possess the requirements for a job at the time of hire will not be considered for the position. Reasonable accommodations may be available for individuals with disabilities to perform essential functions.
Required Skills and Experience:
- Knowledge of SOC solutions (EDR, SOAR, SIEM).
- Knowledge of core security devices such as firewalls, network and host-based intrusion detection systems, web applications, AV, WAF, Proxy, and operating system logs.
- Ability to interpret IOCs.
- Develop and maintain content and reporting.
- Technical-minded and driven.
- Experience with Windows and Linux.
- Experience with network technologies and systems, security, and network monitoring tools.
- Thorough understanding of the latest security principles, techniques, and protocols.
- Capable of working effectively independently and in a team environment.
- Must be self-motivated, goal- and detail-oriented.
- Flexible and adaptable to changing work environment.
- Ability to prioritize multiple tasks and manage time efficiently.
- Communicate positively with clients and escalate any issues and messages accordingly.
- Must be able to use Microsoft Office Suite efficiently.
- Proficient in at least one programming and scripting language (i.e., Python).
- Basic Firewall rule and policy fundamentals.
- Good written and oral communication skills.
- Natural curiosity to get to the root cause.
- Ability to remain calm under pressure.
- Experience working with customers via the phone.
Desired Skills and Experience:
- Experience with various Cybersecurity products including but not limited to SIEM, SOAR, EDR, and XDR.
- Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
- Experience working with internal and client ticketing and knowledge base systems for Incident and Problem Tracking, as well as procedures (e.g., Jira, Confluence).
- Experience writing suppression and detection rules.
- Knowledge of Active Directory Environments.
- Knowledge of Linux and Windows Operating Systems.
- Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
- Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
- Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
- Understanding various server-grade applications such as DBMS, Exchange, DNS, SMTP, IIS, Apache, SharePoint, Active Directory, Identity Management, Patch Management, LDAP, SQL, and others.
- Prior experience working with container-based technologies such as Docker and Kubernetes.
- Prior consulting experience.
Desired Education and Experience:
- Degree in Computer Science, Cybersecurity or related field or equivalent experience.
- 1+ years of professional experience in a Security Operations Center.
- Security certifications are a plus (e.g., Sec+, CySA+, GCIH, ECIH).
Language Requirements:
The primary language of ProCircular is English. Excellent communication skills are required, defined as the ability to:
- Actively listen for total comprehension
- Ask questions that enhance the understanding of a particular topic
- Relay information and instruction descriptively and understandably in both written and verbal format
Reasoning Ability Requirements:
High-functioning reasoning abilities are necessary to meet deadlines, prioritize company and customer needs, and work in a high-functioning collaborative team environment.
Physical Requirements:
Occasional lifting up to 40 lbs. may be necessary from time to time. Must be able to sit for long periods, view a computer monitor, and type frequently/constantly (up to 8 hours a day).
Employment Status
Exempt
Full Time
Supervision Requirements
This position does not have supervisory responsibilities.
Performance Expectations
All teammates are evaluated at least annually on their performance based on the essential job functions in this job description, along with ProCircular's Core Values:
It's about people
- People define every part of our business. Growth potential is based on the abilities and personalities of the people involved. Technology solutions are a part of the equation, but it's the people in an organization that define its true security. We work hardest when we're supporting one another. We take care of each other; we take care of our families, and in doing so we take better care of our customers.
Fear is the mind killer
- We don't let fear define the need for our services and we don't present a problem without discussing realistic response or mitigation options. There's more than enough to worry about in life and plenty of people telling us to be afraid. We're solutions people, not fear mongers.
Strong opinions lightly held
- Opinions are important—they coalesce facts, reason, experience, and judgment into actionable points of view. We present our opinions with logic and reason rather than emotions, offering several alternatives to each challenge and the supporting data. The rejection of an idea is not a rejection of the individual or their merit. Everyone has a voice and a chance to speak, regardless of title, station or seniority.
Quality over speed, speed over cost
- Every organization must consciously balance quality, speed, and cost. We will always put the quality of our work first. We make great efforts to move quickly, but never at the expense of quality. While we strive to keep our services affordable, we never choose an inexpensive alternative that will adversely impact quality or speed.
Cool heads, warm hearts
- We keep a cool head and help others do the same, especially in a crisis. We approach adversity with patience, logic, and understanding. Mistakes happen; we don't hide, ignore, condemn, or fear them. Mistakes are opportunities to exemplify honesty, accountability, professionalism, tolerance, and grace. Instead of pointing a finger, we use humor, empathy, and fun when it matters most.
R-E-S-P-E-C-T
- We treat each other how we hope to be treated. We don't yell; we aren't condescending, and we always try to understand the other person's perspective, before reacting to it. We keep it light and we listen. We extend this principle to our customers, and we understand that talking down to them is the easiest way to send them to a competitor.
Tomorrow just happened
- Life is what happens when we're busy making other plans. We work hard on today but we're always thinking about the future. We take extra time to make sure we're learning and looking ahead. No matter what your discipline or area of expertise, you're adding your capabilities to the long-term plan for the organization and its clients.