Staffmark
Position: Senior SOC Analyst/ Developer
Work Location: Irvine, CA (Onsite)
Hours: Standard Time Mon-Fri 7:00AM - 4:00PM/11:00AM-8:00PM : Daylight Saving Time (Summer Time) Mon-Fri 8:00AM - 5:00PM/12:00PM - 9:00PM
Overview:
A global leading service provider in cybersecurity solutions is seeking a highly skilled and experienced Senior SOC Analyst with a strong development background to join the Security Operations Center (SOC) team. This role is pivotal in enhancing our security posture by not only performing in-depth monitoring and analysis of security events but also by developing and optimizing the tools and content that drive our detection and response capabilities. The ideal candidate will be a proactive problem-solver with a passion for cybersecurity, capable of translating security requirements into robust technical solutions.
Essential Duties and Responsibilities include but are not limited to:
• Perform advanced monitoring, analysis, and triage of security events and alerts generated from various security tools, with a primary focus on SIEM (Security Information and Event Management) platforms.
• Conduct in-depth investigations into security incidents, identifying root causes, impact, and recommending appropriate remediation actions.
• Analyze network traffic, system logs, and other security data to identify suspicious activities, threats, and vulnerabilities.
• Collaborate with incident response teams during major security incidents, providing technical expertise and support.
• Design, develop, and implement new SIEM content, including correlation rules, alerts, reports, dashboards, and use cases, to improve threat detection and operational efficiency.
• Optimize and refine existing SIEM content to reduce false positives, increase fidelity, and align with evolving threat landscapes.
• Develop and maintain documentation for SIEM content, including rule logic, purpose, and response procedures.
• Develop and enhance automation scripts and programs (e.g., Python, PowerShell, Bash) for various SOC functions, including log collection, data enrichment, incident response playbooks, and remediation actions.
• Create integration programs and APIs to connect disparate security tools and platforms, streamlining workflows and improving data correlation.
• Troubleshoot, debug, and optimize existing scripts and applications to ensure their reliability and performance.
• Contribute to the development and maintenance of internal security tools and utilities that enhance SOC efficiency and detection capabilities.
• Proactively identify opportunities for process improvements, automation, and new security control implementations within the SOC.
• Stay abreast of the latest cybersecurity threats, vulnerabilities, and industry best practices, integrating new knowledge into our detection and response strategies.
• Participate in security tool evaluations, proof-of-concepts, and recommendations for new technologies.
• Mentor junior analysts and contribute to knowledge sharing within the team.
Qualifications:
• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field. Equivalent practical experience will be considered.
• 4+ years of experience in a Security Operations Center (SOC) or similar cybersecurity role, with a strong emphasis on security monitoring and incident response.
• Proven experience in developing and implementing SIEM content (rules, reports, dashboards, use cases) on major SIEM platforms (e.g., Splunk ES, Microsoft Sentinel, IBM QRadar, Exabeam, Elastic SIEM).
• Strong programming and scripting skills (e.g., Python, PowerShell, Bash) for automation, data manipulation, and API integrations.
• In-depth understanding of common attack techniques, tactics, and procedures (TTPs) and the MITRE ATT&CK framework.
• Solid understanding of network protocols (TCP/IP, HTTP/S, DNS, etc.), operating systems (Windows, Linux), and common security technologies (firewalls, IDS/IPS, EDR, proxy servers).
• Experience with cloud security concepts and technologies (AWS, Azure, GCP) is a plus.
• Excellent analytical and problem-solving skills with a keen eye for detail.
• Strong communication skills (written and verbal) with the ability to convey complex technical information to both technical and non-technical audiences.
• Ability to work independently and as part of a collaborative team in a fast-paced environment.
• Relevant industry certifications such as CISSP (Certified Information Systems Security Professional), GIAC (Global Information Assurance Certification) 50X Series or above (required).
• Certifications such as MCSE (Microsoft Certified Solutions Expert), MCP (Microsoft Certified Professional), CCNA (Cisco Certified Network Associate), Security+ (CompTIA Security+) (preferred).