SOC Analyst - Tier II
eSentire is on a mission to hunt, investigate and stop cyber threats before they become business disrupting events. We were founded from the premise that if you can't find a solution, you build it. Entrepreneurship and innovation are in our DNA. Our culture is based on transparency, candor, and resiliency. At eSentire, continuous improvement isn't an option. It's expected.
Join our team and build your cybersecurity career in one of the world's most dynamic industries.
The Global Security Operations Centre (GSOC) is central to eSentire’s Service Delivery Organization (SDO). This organization delivers comprehensive security services to clients worldwide on a 24x7 basis. The successful candidate will perform Tier II security analysis tasks across network, endpoint, log and cloud security in a fast-paced and dynamic environment.
Tier II Responsibilities
In addition to the Tier 1 responsibilities listed below, Tier II SOC Analysts are also responsible for the following;
- Completing more complex high priority/escalated client support tickets
- Participating in Incident/Breach response investigations and deliver incident response reports and after-action reviews
- Work on various internal projects/initiatives such as UAT of new SOC tools, working cross functionally with other teams/departments as a stakeholder for the Service Delivery Organisation
- Writing or providing input to our Learning and Development team on KB Articles or training content
- Delivering training modules and conducting assessments with new hires
- Ongoing mentoring and coaching of Tier I Analysts
- Participating in Quarterly Service Reviews (QSRs) with our Customer Success Team providing technical input from the SOC where necessary
- Secondary review and approval of permanent signal filters, Global Blacklist IP Nominations and high priority client alerts
- Critical Event Reviews – performing secondary audits of selected signals and following up with analysts and clients as necessary
Tier I Responsibilities
- Analyse incoming security signals in real time with a balance of accuracy and speed using a variety of forensic tools
- Apply investigative tools, techniques and procedures (TTPs), use your understanding of the security threats associated with the incoming signals and follow defined Runbooks to determine and execute the relevant actions
- Perform whitelisting/filtering of false positive signals
- For confirmed true positive signals, you will alert clients using defined templates and escalate high priority alerts to clients by phone
- Block malicious network traffic and isolate infected hosts on customers networks
- Add malicious IOC’s to eSentire’s Global Blacklist for all customers where appropriate.
- Complete basic-intermediate client support requests/queries assigned by the operations lead. Work directly with clients via email/phone as needed to complete these tasks
- Handle some service administration and troubleshooting tasks
- Relevant degree in Computer Science, IT Security, IT Management, IT Support or related discipline. Completed course must include a strong focus on networking and security.
- 3+ years’ full-time experience in a Security Operations Centre or similar Cyber Security Analysis role excluding time spent on an intern or work experience program
- Hands on experience in at least one of the following Security domains;
- Network Security including Intrusion Detection Systems (IDS)
- Windows Endpoint Security, using EDR products such as VMware Carbon Black Response/Threat Hunter, Crowdstrike Falcon or Microsoft Defender ATP.
- SIEM/Log Management, using products such as SumoLogic, Splunk or similar
- Knowledge and experience of network and endpoint security technologies including;
- Snort/Suricata, Packet Capture (PCAP) Analysis using Wireshark
- Windows system internals, knowledge of PowerShell
- Linux Kernel and basic scripting (Bash/Python) knowledge
- Analytical mind with strong attention to detail and a commitment to quality of service
- Strong customer facing written and verbal communication skills with the ability to effectively communicate complex security concepts with end customers
- Demonstrated experience to confidently handle escalated client issues, diffuse challenging situations and deliver an optimal customer experience
- Natural ability to thrive in a fast-paced and time sensitive environment
- Ability to work in an operational/shift-based environment with flexible working hours to include evenings and weekends
- Industry Certificates such as CompTIA Network/Security+, CEH, CCNA CyberOps or others are desirable
Why a Career with eSentire?
Our Culture: At eSentire we work in a collaborative and innovative work environment. We work with brilliant and passionate people who strive and encourage others to do their best. eSentire’s idea-rich environment welcomes creative and sometimes unconventional perspectives!
Growth Opportunities: At eSentire you will have the opportunity to grow and make an impact from your work. We encourage innovation in all who become a part of our team. With growing operations internationally, there are many lateral and upward advancement opportunities for rewarding and developing careers with eSentire. We’re strong believers in continuing education and provide the resources that you need to continue learning.
Employee Perks: We provide breakfast, snacks and refreshments (at our physical office locations in Waterloo, London, and Cork), flexible working hours and vacation, company-wide equity and bonus programs, subsidies for continuing education and health & wellness, and attractive compensation and benefits plans. We make it our obligation to the team to stay current with compensation trends in the tech field!
We thank all applicants in advance for applying. Only individuals selected for interviews will be contacted.
eSentire is committed to creating a fair work environment that is aligned with the Accessibility for Ontarians with Disabilities Act (AODA). We guarantee equal treatment and provide opportunities regardless of race, creed, color, religion, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, status as a protected veteran or any other legally protected grounds and will not discriminate on these basis. If you have any accessibility requirements during the recruitment process, please reach out to our HR team at email@example.com and any accommodation needs will be addressed upon request.
- Job Family Security - Internal
- Pay Type Salary
Something looks off?