
Security Operations Analyst Level 2

Ostra


IT, Operations
Minnetonka, MN, USA
Posted 6+ months ago

Ostra Cybersecurity is a next-generation MSSP combining best-in-class tools, proprietary technology, and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes. We provide our clients with a multi-layered, 360° solution that allows them to “set it and forget it”. For more information, visit www.ostra.net.

We are hiring one or more Security Operations Center (SOC) Analysts for our Support Team.

As a Security Operations Center (SOC) Analyst, you will work with our security support team to monitor, detect, assess, report, and remediate cyber incidents impacting our customers’ business operations. You will primarily aid in security response, triage, security tool deployments, and follow-up.

Our team of experienced Network and Security Engineers is made up of creative problem solvers, agile thinkers, threat hunting ninjas, and overall smart people who strive to create an atmosphere that encourages collaboration and selfless teamwork and is always learning and moving forward.

Join our team if you want more influence over how work is done, to collaborate with other highly skilled professionals, challenge assumptions, and continuously evolve your security knowledge!

Responsibilities:

    • Classify security incidents and determine their severity.
    • Investigate security incidents, including analysis of data and systems, to determine the cause and outcome.
    • Create playbooks that can be used by the SOC team to respond to similar incidents in the future.
    • Maintain playbooks to ensure they are up-to-date and effective.
    • Threat hunting and forensic analysis: leverage sound DFIR methodology to creatively find new and unusual threats, and use malware analysis and endpoint/network/memory forensics to determine the reach of an identified threat.
    • Identify and digest threat data from various open and closed sources, correlating it against environmental context to produce threat intelligence. Validate for actionable items and take appropriate actions to mitigate risk.
    • Act as incident handler for sensitive/need-to-know incidents. Understand CSIRT best practices and Ostra’s incident response model, and adapt both as appropriate to resolve specific incidents. Coordinate with external teams to get the support needed for incident closure.
    • Constantly improve DFIR processes and procedures to improve speed and accuracy.
    • Understand, use, monitor, and optimize existing SIEM rules and SOAR processes. Continuously look for opportunities to improve detection accuracy and reduce false positive alerts, and for ways to accelerate or automate response processes.
    • Propose and develop new use cases and playbooks/SOPs for recurring incidents and incident tasks, and identify and onboard new data sources to support new threat detection and response use cases.
    • Assist with operation, configuration, monitoring and tuning of an enterprise SIEM platform, including log collection specifications and infrastructure, and data source onboarding.
    • Collaborate with technical and business experts from partner organizations including IT, Engineering, Finance, Audit/Compliance, HR/Legal, Corporate Investigations.
    • Support during on-call rotation and off hours as required by the business.
    • Serve as an escalation point for a global 24x7x365 SOC environment.

    Requirements:

      • Bachelor’s degree in a related field or equivalent experience.
      • 5+ years’ experience as a SOC Analyst, or as a Network Analyst with security scope, preferably in a large enterprise environment.
      • Experience in working with a geographically diverse team in multiple time zones around the globe.
      • Deep understanding of the ATT&CK matrix, with demonstrated experience building use cases and SOPs around the TTPs most relevant to your business.
      • Proficient technical writing skills (documenting processes and procedures).
      • Ability to solve problems and work through ambiguity and uncertainty.
      • Proficiency in common scripting languages such as PowerShell, Bash, Python, etc.
      • Proficiency with one or more SIEM query languages.
      • Working knowledge of TCP/IP protocols, Windows event logs, *nix audit logs, and IDS alarms.
      • Experience configuring, tuning, monitoring, and supporting SIEM log collection and indexing infrastructure.
      • Experience working extensively with technologies such as IDS/IPS, NGFW, EDR, SIEM, HIDS/HIPS, AV, and Vulnerability Scanners.
      • Expert-level understanding of common and emerging security threats and vulnerabilities.
      • Self-motivated and proven ability to deliver end-to-end solutions in a high-tech and fast-moving industry.
      • Industry security certifications such as CISSP and relevant GIAC certifications.
      • Understanding of NIST Cyber Security Framework standard and requirements and ability to apply them to an enterprise environment.
      • Experience with infrastructure operations and processes associated with IT service management in an Enterprise-level organization.
      • Nice to have: experience with Python, Ansible, network traffic analysis, and intrusion detection.

      Ostra Cybersecurity is committed to the recruitment and selection of candidates without regard for sexual orientation, gender, ethnicity, age, political beliefs, culture, and lifestyle. We are committed to fostering a business culture that reflects these values and promotes equal opportunity.

      Learn more about Ostra Cybersecurity at Ostra.net, and more about our benefits and company culture at Ostra.net/careers