IT Security - SOC Analyst

About Citco

For decades, industry publications have recognized our leadership in service and innovation. These accolades are a reflection of our drive to push ourselves and our industry forward.

With strategically positioned global offices ,we offer opportunities for graduates and seasoned professionals to work across the world. Careers at Citco can span continents.

For more information about Citco, please visit www.citco.com

About the Business Line

The SOC Analyst’s primary responsibility is to determine what alerts or abnormal activity represents a real threat to Citco assets and data, by performing threat identification, containment, eradication, analysis and reporting. The SOC Analyst achieves this by working with threat protection solutions like:

• Security Incident and Event Management (SIEM)
• Endpoint Protection (EPP)
• Endpoint Detection & Response (EDR) systems
• Email Threat Protection (ETP) platforms
• Security Orchestration, Automation and Response (SOAR) platform
• Intrusion Prevention Systems (IPS) or NGFW’s
• Others

The SOC Analyst is expected to understand fundamental networking and security principles as well as be familiar with common network and endpoint security threat protection solutions. A strong candidate will have a proven understanding of current cyber threats, threat intelligence and an understanding of attack trends relevant to an enterprise environment.

The SOC Analyst must be competent to work at a high technical level, have a good understanding of threat routes/pathways, identification of potential/active threats, and understand how threat vectors can impact the environment.

• Monitors and analyzes Intrusion Prevention Systems (IPS) and Security Information and Event Management (SIEM) to identify security issues for remediation
• Performs network and endpoint security monitoring and incident response
• Maintains records of security monitoring and incident response activities, utilizing case management and ticketing technologies
• Creates, modifies, and updates Security Information Event Management (SIEM) rules
• Escalates alerts regarding intrusions and compromises to the network infrastructure, applications and operating systems.
• Assists with analysis of threat data obtained from proprietary and open source resources to provide indication and warnings of impending attacks against networks within the relevant vertical
• Prepares briefings for SOC Manager and reports of analysis methodology and results
• Creates and maintains standard operating procedures and other similar documentation
• Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty
• Work independently with or without direction and/or supervision
• Demonstrate effective teamwork and working relationships with others, both from CITCO and security vendors
• Other projects and responsibilities, as assigned by direct supervisor

• 2 to 4 years of experience in an in-house Security Operations Center team, or in an Security Consulting firm with an understanding of networking principles in a global environment across multiple data centers
• Candidates must be able to work a flexible schedule within a 24x7x365 Security Operations Center (SOC) environment, as well as may be expected to work holidays.
• A strong candidate is expected to have some or all of the following traits:

1. Excellent analytical and problem-solving skills and interpersonal skills to interact with team members and upper management
2. An understanding of cyber security incident response and network security monitoring
3. Fundamental understanding of computer networking (TCP/IP), knowledge of windows, Linux and palo alto operating systems and information security principles
4. Knowledge of intrusion detection/prevention systems (IDS/IPS) and SIEM technologies in an enterprise environment
5. Good knowledge of endpoint protection (EPP) and endpoint defense and response (EDR) solutions
6. Drive to learn and a desire and motivation to achieve IT security related certifications