Intermediate SOC Analyst to provide support against intrusion detection, malware infections, DDoS attacks, privileged account misuse, and network intrusions for a solutions integrator client
Our valued solutions integrator client is seeking an Intermediate SOC Analyst to provide support against intrusion detection, malware infections, DDoS attacks, privileged account misuse, and network intrusions!
Initial 3-month contract in Ottawa, ON with strong possibility of extension. 7 hours/day, Monday to Friday (35 hours/week). Hybrid in Ottawa, ON (100% remote candidates will be considered as well).
- Respond to security events, such as intrusion detection, malware infections, denial of service attacks, privileged account misuse and network intrusions.
- Configure and monitor Security Information and Event Management (SIEM) platform for security alerts within both cloud-based and on-premises environments.
- Proactively analyze suspicious events, network anomalies and other potential threats to determine validity, impact, scope and recovery options.
- Integrate and work with the organization's Managed Security Services Provider (MSSP) services staff to guide and manage decisions related to alerts.
- Use automated malware analysis tools to determine threat impact and take appropriate action.
- Improve the service level for security operations and monitoring; create and maintain system documentation for security event processing; expand the usage of security monitoring tools to improve the security of the environment based on business use cases or changes in threat landscape, root causes from security incident response, or output from security analytics.
- Perform duties related to installing MFA (Multi-Factor Authentication) on users' machines and helping users with general onboarding.
- Perform software installation as needed on user machines for security-related software.
- Guide the onboarding process for new employees and contractors by working with individuals to set up access and follow prescribed procedures.
- Help develop run books and document technical security procedures.
- 4+ years of experience in a Security or Network Operations Center (SOC/NOC) / monitoring environment.
- Experience working with SIEM technologies (e.g., ArcSight, QRadar, Splunk, Azure Sentinel, etc.) or Managed Security Service Providers (MSSP).
- Relevant certifications from GIAC, such as GCIH or GISP.
- Other relevant industry certifications, such as GSEC, GMON, CISSP, or OSCP.