Security Operations Center Analyst

Splunk SOC Analyst 1, 2 and 3(on-call, as needed for shift coverage )

US Citizenship Required.

Location: US-based, remote.

We are seeking Security Operations Analysts, Tier 1, 2 and3 - flex resources to fill-in for our full-time staff, as needed for shift coverage in our 24x7 SOC operations. This is ideal for someone working a full-time job who is looking to pick up extra shifts. Potential shifts are as follows:

Weekdays (M-F):

1st shift 8 am-4 pm

2nd shift 4 pm -12 am

3rd shift 12 am-8 am

Weekends (Saturday/Sunday-starts Friday at midnight):

4th shift: 12 am -12 pm

5th shift: 12 pm -12 am-hands over to 3rd shift Sunday night/Monday morning

______________________________________________________________

The SA3 is the final level of internal escalation for incident response on the MDR Operations team. As a Security Analyst Level 3 in the TekStream Managed Detection and Response (MDR) environment, they act as a liaison between security operations and engineering to advance our practice and drive us towards growth. There is a particular emphasis on the ability to identify Indicators of Compromise (IOC) and correctly recommend remediation; productively, efficiently, and with a high degree of accuracy. This core skillset is extended to include the guidance of SA2 and SA1 incident response. Related is the ability to leverage the technologies that are central to the TekStream MDR solution.

Role Responsibilities

1. Lead the response to escalated security incidents, providing advanced analysis and mitigation strategies.
2. Mentor and guide SA2 and SA1 in incident response procedures and techniques.
3. Conduct in-depth analysis of security incidents to understand the root cause and impact.
4. Collaborate with cross-functional teams to coordinate and execute incident containment and eradication.
5. Communication of threats and recommended remediation with customer Points of Contact (POC).
6. Develop and maintain incident response playbooks to ensure consistency in handling incidents.
7. Assist in the continuous improvement of security monitoring and detection capabilities.
8. Participate in on-call rotations to provide 24/7 incident response support.
9. Conduct post-incident reviews to identify lessons learned and areas for improvement.
10. Stay abreast of the latest cybersecurity threats, vulnerabilities, and industry best practices.
11. Work closely with customers and internal teams to provide expert guidance on security-related matters.