Job Information
Crown Castle USA, Inc. Security Operations Center Analyst - Tier III (SOC) - SECUR011320 in Canonsburg, Pennsylvania
DESCRIPTION/RESPONSIBILITIES: Position Title: Security Operations Center - Tier III (P4)
Role
Under the leadership of the Manager, Security Operations Center (SOC), the SOC Analyst - Tier 3 (SOC3) will ensure delivery of the highest level of service in security event monitoring, analysis, and incident response. Responsibilities include day-to-day (24x7) operations, applying analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats, and perform incident response. The SOC3 will also work with other SOC and threat management staff on the development and enhancement of existing detection and response capabilities, including creation of SIEM content, IDS rules, and SOP documentation, and implementation of security platform controls and incident response methodologies.
Essential Job Functions
* Perform operational 'eyes on glass' real-time monitoring and analysis of security events from multiple sources, including but not limited to SIEM monitoring tools, network- and host-based intrusion detection systems, firewall logs, and system logs (Unix and Windows).
* Conduct active and passive analysis of network traffic, operating systems, and host activity across all technologies and platforms, using security tools and sandbox environments.
* Perform incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.
* Design, deploy, and validate automations.
* Design, deploy, and validate security configurations.
* Strong understanding of processes related to threat correlation and mitigation.
* Process SOC tickets and assist in processing IT Security Help Desk tickets.
* Respond to security incidents (malware infections, unauthorized access, malicious emails, DDoS attacks), escalating to the Threat Management team as needed.
* Analyze security event logs and alerts to determine validity, priority, and impact against both security best practices and corporate policies.
* Evaluate the type, nature, and severity of security events with a range of security event analysis tools.
* Work with Senior Enterprise Security staff and the Computer Security Incident Response Team on a day-to-day basis.
* Experience leading as an Incident Response Commander.
* Document security investigations through standard procedures:
  * Recording the full SOC Analyst response through remediation actions
  * Completing a security AAR (after-action review)
  * Completing a risk assessment as required
* Experience organizing and conducting threat hunting campaigns.
* Assist in defining and maintaining protocols and maturing 'playbooks' of operational response to cyber threats.
* Develop and maintain policies, processes, and procedures to ensure reliable and effective SOC operations.
* Collaborate across organizational lines and develop depth in cyber security disciplines and technologies.
Education/Certifications
* Bachelor's degree in IT or Computer Security, or comparable years of experience.
* Hold or be working towards at least one of the following certifications: CISSP, CCE, PMP, GSEC, CCNA Cyber Ops, GISF (GIAC Information Security Fundamentals), CISM, CRISC, Security+, CEH.
Experience/Minimum Requirements
* 5+ years of experience in IT security monitoring.
* Tier 3 incident response experience.
* Experience in SIEM event auditing, log review, threat hunting, and incident response.
* IT experience in SIEM with a concentration on Linux. Windows and Linux system administration preferred.
* This role monitors and accesses applications, systems, and tools that retain all or some data related to customers, financial information, or personally identifiable information (PII). Subject to local and state eligibility, a pre-employment background check will be conducted for criminal convictions, including misdemeanors and felonies related to fraud or violence. A credit check may also be conducted.
Other Skills/Abilities
* Demonstrates a profound sense of ethics, integrity, and confidentiality
* Finds common ground and viable solutions to complex problems in a compelling manner while maintaining professional composure
* Influences across diverse disciplines in a collaborative, risk-aware manner
* Organized, responsible, and highly thorough problem solver
* Proven ability to create and build new processes
* Strong verbal and written communication skills and attention to detail
* Self-starter who can work independently as well as in a team setting
* Works well with people from different areas of the business
* Ability to simplify complex technical topics
* Ability to learn, understand, and apply new technologies
* Ability to design and implement effective policies to achieve consistent team results
* Demonstrates "learning agility" to remain current in subject matter expertise
* Experience documenting enterprise security events
* Navigates ambiguity; is adaptable to, and champions, change
* Gives and receives effective feedback across all interactions
Organizational Relationship
Reports to: Manager, Security Operations Center
This is a remote role with the expectation of on-site/in-person collaboration with teammates and stakeholders for moments that matter and may require up to 5% travel.
The hiring range offered for this position is $130,000 - $140,000 annually. In addition to salary, employees are eligible for an annual bonus of up to 20% of annual salary and restricted stock. Employees (and their families) are eligible for medical, dental, vision, and basic life insurance. Employees are able to enroll in our company's 401k plan. Employees will also receive 18 days of paid time off each year and 12 paid holidays throughout the calendar year.
Pursuant to the Los Angeles County and San Francisco Fair Chance Ordinances, we will consider for employment qualified applicants with arrest and conviction records.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
Equal Opportunity Employer-minorities/females/veterans/individuals with disabilities/sexual orientation/gender identity