Position Overview
Our client is seeking a versatile and highly skilled SOC Analyst to join our Security Operations Center (SOC). This role requires an individual who can effectively monitor, analyze, and respond to security incidents across multiple domains, including Network, Application, Cloud, DevSecOps, Endpoint, IoT, IAM, Incident Response, Threat Intelligence, Compliance and Risk, and Data Security. The ideal candidate will possess a strong technical background, a proactive mindset, and the ability to adapt to emerging threats in a dynamic security landscape.
Key Responsibilities
Monitoring and Incident Response
Continuously monitor security tools, logs, and alerts for potential security incidents.
Respond to and investigate security alerts, ensuring quick containment and remediation.
Collaborate with incident response teams to perform forensic analysis and root cause investigations.
Work with MTDR vendor on SIEM configuration and requirements.
Threat Intelligence and Analysis
Analyze and interpret threat intelligence feeds to identify emerging threats.
Conduct proactive threat hunting across systems, networks, and applications.
Maintain up-to-date knowledge of current attack techniques, tactics, and procedures (TTPs).
Leverage MITRE Telecommunication & CK Matrix to identify and map adversary tactics and techniques during threat investigations, enabling faster detection and response.
Network and Endpoint Security
Monitor and secure network infrastructure, including firewalls, intrusion detection/prevention systems (IDS/IPS), and VPNs.
Manage and monitor endpoint detection and response (EDR) tools to ensure device security.
Application and Cloud Security
Perform security assessments on applications, APIs, and cloud environments.
Ensure security controls are implemented and maintained in cloud platforms (AWS, Azure, Google Cloud).
Collaborate with DevSecOps teams to automate security checks in CI/CD pipelines.
Leverage OWASP and CSA to identify and mitigate application security risks and ensure cloud security best practices during threat analysis and remediation.
IAM and Data Security
Monitor identity and access management (IAM) systems for suspicious activities and unauthorized access.
Ensure sensitive data is protected through encryption, data loss prevention (DLP), and secure storage.
IoT Security
Assess and secure Internet of Things (IoT) devices and networks.
Implement protocols for secure IoT device management and monitoring.
Compliance and Risk Management
Assist with audits and compliance checks for frameworks such as GDPR, HIPAA, ISO 27001, or NIST.
Provide recommendations for reducing security risks and improving overall compliance posture.
Perform internal audits to ensure controls are operating as expected.
Reporting and Communication
Generate detailed reports on incidents, threats, and remediation actions for technical and non-technical stakeholders.
Communicate effectively with cross-functional teams, including IT, development, and management.
Required Skills and Qualifications
Technical Skills
Knowledge of SIEM platforms (e.g., Sentinel, AlienVault, etc.).
Familiarity with EDR solutions (e.g., CrowdStrike, SentinelOne).
Proficiency in securing cloud environments (AWS, Azure).
Experience with DevSecOps practices and tools (e.g., Jenkins, GitHub, Kubernetes).
Understanding of network protocols (TCP/IP, DNS, HTTP) and security tools (firewalls, IDS/IPS).
Knowledge of IAM principles and tools (e.g., Okta, Azure AD).
Experience with vulnerability management and penetration testing tools (e.g., Nessus, Metasploit).
Familiarity with compliance standards (e.g., GDPR, HIPAA, PCI DSS).
Soft Skills
Strong analytical and problem-solving abilities.
Excellent verbal and written communication skills.
Ability to work collaboratively in a fast-paced environment.
Proactive and self-motivated with a keen attention to detail.
Education and Experience
Bachelor's Degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).
Certifications (preferred):
CompTIA Security , CEH, CISSP, GSEC, or equivalent.
AWS Certified Security Specialty or Azure Security Engineer Associate.
Certified Incident Handler (GCIH) or Certified Threat Intelligence Analyst (CTIA).
3 years of experience in a SOC or equivalent security operations role.
Nesco Resource offers a comprehensive benefits package for our associates, which includes a MEC (Minimum Essential Coverage) plan that encompasses Medical, Vision, Dental, 401K, and EAP (Employee Assistance Program) services.
Nesco Resource provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
Quick Apply
No resume? Create a new profile
Our client is seeking a versatile and highly skilled SOC Analyst to join our Security Operations Center (SOC). This role requires an individual who can effectively monitor, analyze, and respond to security incidents across multiple domains, including Network, Application, Cloud, DevSecOps, Endpoint, IoT, IAM, Incident Response, Threat Intelligence, Compliance and Risk, and Data Security. The ideal candidate will possess a strong technical background, a proactive mindset, and the ability to adapt to emerging threats in a dynamic security landscape.
Key Responsibilities
Monitoring and Incident Response
Continuously monitor security tools, logs, and alerts for potential security incidents.
Respond to and investigate security alerts, ensuring quick containment and remediation.
Collaborate with incident response teams to perform forensic analysis and root cause investigations.
Work with MTDR vendor on SIEM configuration and requirements.
Threat Intelligence and Analysis
Analyze and interpret threat intelligence feeds to identify emerging threats.
Conduct proactive threat hunting across systems, networks, and applications.
Maintain up-to-date knowledge of current attack techniques, tactics, and procedures (TTPs).
Leverage MITRE Telecommunication & CK Matrix to identify and map adversary tactics and techniques during threat investigations, enabling faster detection and response.
Network and Endpoint Security
Monitor and secure network infrastructure, including firewalls, intrusion detection/prevention systems (IDS/IPS), and VPNs.
Manage and monitor endpoint detection and response (EDR) tools to ensure device security.
Application and Cloud Security
Perform security assessments on applications, APIs, and cloud environments.
Ensure security controls are implemented and maintained in cloud platforms (AWS, Azure, Google Cloud).
Collaborate with DevSecOps teams to automate security checks in CI/CD pipelines.
Leverage OWASP and CSA to identify and mitigate application security risks and ensure cloud security best practices during threat analysis and remediation.
IAM and Data Security
Monitor identity and access management (IAM) systems for suspicious activities and unauthorized access.
Ensure sensitive data is protected through encryption, data loss prevention (DLP), and secure storage.
IoT Security
Assess and secure Internet of Things (IoT) devices and networks.
Implement protocols for secure IoT device management and monitoring.
Compliance and Risk Management
Assist with audits and compliance checks for frameworks such as GDPR, HIPAA, ISO 27001, or NIST.
Provide recommendations for reducing security risks and improving overall compliance posture.
Perform internal audits to ensure controls are operating as expected.
Reporting and Communication
Generate detailed reports on incidents, threats, and remediation actions for technical and non-technical stakeholders.
Communicate effectively with cross-functional teams, including IT, development, and management.
Required Skills and Qualifications
Technical Skills
Knowledge of SIEM platforms (e.g., Sentinel, AlienVault, etc.).
Familiarity with EDR solutions (e.g., CrowdStrike, SentinelOne).
Proficiency in securing cloud environments (AWS, Azure).
Experience with DevSecOps practices and tools (e.g., Jenkins, GitHub, Kubernetes).
Understanding of network protocols (TCP/IP, DNS, HTTP) and security tools (firewalls, IDS/IPS).
Knowledge of IAM principles and tools (e.g., Okta, Azure AD).
Experience with vulnerability management and penetration testing tools (e.g., Nessus, Metasploit).
Familiarity with compliance standards (e.g., GDPR, HIPAA, PCI DSS).
Soft Skills
Strong analytical and problem-solving abilities.
Excellent verbal and written communication skills.
Ability to work collaboratively in a fast-paced environment.
Proactive and self-motivated with a keen attention to detail.
Education and Experience
Bachelor's Degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).
Certifications (preferred):
CompTIA Security , CEH, CISSP, GSEC, or equivalent.
AWS Certified Security Specialty or Azure Security Engineer Associate.
Certified Incident Handler (GCIH) or Certified Threat Intelligence Analyst (CTIA).
3 years of experience in a SOC or equivalent security operations role.
Nesco Resource offers a comprehensive benefits package for our associates, which includes a MEC (Minimum Essential Coverage) plan that encompasses Medical, Vision, Dental, 401K, and EAP (Employee Assistance Program) services.
Nesco Resource provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.