Security Operations Center, Cyber Kill Chain Framework, Security Operations, OSCP, Cyber-security, Operations, Burp Suite, Penetration Testing, Application Security, Hypertext Transfer Protocol (HTTP), Amazon Web Services (AWS), Information Security Analysis, Security Analysis (Securities)
Job description
About Us
Cloudtrace specializes in providing offensive and defensive cyber security services for public cloud environments. We are an AWS, Azure and GCP consulting partner and are accredited by the PCI Security Standards Council as a Qualified Security Assessor Company (QSAC). Our service offerings include penetration testing, red teaming, managed security services, digital forensics and incident response.
The Role
We are looking for a SOC Analyst to become part of our rapidly expanding team protecting our clients from cyber security threats. This is primarily a blue team role with additional exposure and involvement to penetration testing techniques and tools in order to validate security exposures detected by our attack surface management platform.
Our philosophy is that solid defense requires intimate knowledge of offensive tactics, with our managed security service designed to ensure our analysts are across the latest attack techniques. This approach, combined with our cloud security expertise allows us to provide our clients with the highest level of protection for their digital assets.
You will get the opportunity to work with government, start-up and enterprise clients as part of a passionate and experienced security team; You will also be provided with training and support for Offensive Security Certified Professional (OSCP) certification if that is not yet held.
Note: This role will require candidates to perform duties on a 24/7 shift rotation basis.
Your Responsibilities
We monitor our clients systems both internally and externally to ensure we provide proactive response to potential security issues and detect any threats that have breached security controls.
A best of breed cloud-based SIEM is used to ingest and analyze events from client environments, in which we use our cloud security knowledge in conjunction with the MITRE ATT&CK Cloud Matrix to detect attacks from highly skilled adversaries. In this roll you will respond to alerts within our established SLAs and investigate complex attack chains to ensure breaches are rapidly discovered and contained.
Our attack surface management service includes hourly reconnaissance and exposure testing across our client internet attack surface. Using penetration testing techniques, you will also review new endpoints discovered by our platform and validate any security exposures as soon as they are detected.
Your average day will include the following activities:
Investigation and response to client SIEM alerts
- Ownership through to resolution of managed SIEM alerts
- Liaison with clients to provide updates on investigation status
- Incident closure once appropriate action has been taken
- Tuning of client SIEM rules to reduce false positive rate
Monitoring of client digital attack surface exposures
- Ownership through to resolution of customer impacting exposures
- Liaison with clients to provide updates on exposure status
- Escalation to senior resources for complex exposures
- Closure of exposures once appropriate action has been taken
- Review of new assets discovered by the attack surface management platform
Client report writing
- Issuing of periodic cyber security reports for managed service clients
Managed security service projects
- Onboarding of new clients to managed services platforms
- Integration of new log sources for existing managed SIEM clients
- Development of managed incident response playbooks
- Other cyber security project work as required
Your Experience
3+ years experience as a SOC analyst, Penetration Tester, or relevant field
Your Skills
The following technical skills are required to fulfil the responsibilities of the role:
- Understanding of common internet protocols (e.g. TCP/IP, DNS, HTTP, TLS)
- Knowledge of common web application security vulnerabilities
- Ability to analyze intercepted HTTP requests and identify basic security issues
- Familiarity with public cloud environments (e.g. AWS, Azure and GCP)
- Familiarity and demonstrated understanding of the Cyber Kill Chain and/or MITRE ATT&CK Framework
- Understanding and experience working with SIEM and Vulnerability management tools
- Proficiency with common penetration testing tools (e.g. Burp Suite, Kali Linux, Metasploit)
- Strong understanding of Windows, UNIX, and Linux Operating Systems
- Formal training and certification in an IT security related area, OSCP, SANS, CompTIA is desired but not essential
