IT Security Analyst III - RTC

IT Security Analyst III - RTC

Columbia, South Carolina

The Tier 3 Managed SOC Analysts primary function is to provide managed security operations center (SOC) analysis associated with customer monitoring activities through the processing and management of incident and request tickets, as they are assigned. Deeper dives into threat hunting are also in scope. The responsibilities include receiving and managing escalations from Tier 1 or 2 Analysts, customers, and other internal groups, as well as managing the full incident handling lifecycle with customers. The Tier 3 Analyst is expected to contribute to internal documentation and adherence to SLA targets and requirements. The role includes forensic log root cause analysis, and interfacing with clients and associates as needed to resolve complex cases. Tier 3 Analysts are expected to participate in, and contribute to planning and implementation of strategic and operational projects in efforts to achieve overall MSS goals. Tier 3 analysts are expected to be able to troubleshoot complex problems with little oversight, take ownership and work independently as needed to resolve customer issues.

Duties and Responsibilities:

Maintain Industry Training - This involves keeping up-to-date on security technologies, threats, and risk mitigation techniques

Maintain Knowledge of Current Threats - Keep up-to-date on current threats by regularly reading industry-related articles

Case Management - ensuring the case management process is handled efficiently in a timely manner by all SOC personnel.

SOC Activity Log -creating, reviewing, and maintaining entries, working with other analysts Report Creation - creating temporary or permanent reports for customers, as requested.

Customer Meetings - attending and/or leading customer meetings as part of incident response and incident handling

Training and Mentoring SOC personnel - Security Analysts are responsible for training new SOC employees; also responsible for training and mentoring existing SOC personnel on new technologies implemented by CenturyLink; also responsible for retraining SOC personnel, if necessary

Tuning - regularly performing tuning and filtering SIEM alerts and monitoring components to ensure only relevant security data is gathered

System Maintenance - assisting SOC Engineers with maintenance on security devices, as needed

Projects - May lead moderately complex security projects as assigned

Shift Responsibilities:

The Security Analyst is responsible for the following shift duties:

Daily Traffic Review - replaying traffic from previous shifts and reviewing customer reports to ensure potential security incidents were not missed by a Level 1 Analyst.

Report Run Verification - ensure customer reports run as scheduled

Improve their knowledge of the customer environment, intrusion detection, methodologies, and intrusion detection services with the support of on-going training from the analysts and self-study

Review SOC Activity log, cases and other monitoring tools for complete understanding of previous shift activities and incidents

Handle Tier 2 event incident response, case management, and customer notification

Ensure security devices contain up-to-date signatures libraries

Assist with engineering tasks as necessary

Train SOC Level 1 Analysts on new attack signatures and attack methodologies

Providing process and operational improvement suggestions

Review and update documentation (such as SOPs and TTPs)