Share this Job
Apply now »

Senior SOC Analyst-REMOTE

Requisition ID:  90117
Business Unit:  Meggitt USA Services (3405)
Location: 

Rockmart, GA, United States, 30153

Innovation is at the heart of everything we do at Meggitt, a worldwide leader in aerospace, defence and selected energy markets. We believe in our vision of ‘Enabling the Extraordinary: To Fly, To Power, To Live”. These core values – teamwork, integrity and excellence – are what have allowed us to become the company we are today. With facilities and over 10,000 employees worldwide, Meggitt draws on over 160 years of expertise to enhance the lives of people across the globe.

Our Corporate Functions keep our business competitive by providing first-class support from Quality through to Finance and HR.

Headquartered in the UK, Meggitt PLC is a global engineering group specialising in extreme environment components and smart sub-systems for aerospace, defence and energy markets. Some 10,000 people are employed across manufacturing facilities in Asia, Europe and North America and regional bases in Brazil, India and the Middle East.

Job Designation

The role of the Senior Cyber Detection and Response Analyst is to act as a lead incident responder and analyst for cyber security incidents, as well as to manage key Detection and Response Team (DART) technologies, such as SIEM, SOAR, and NGAV/EDR tools. The Senior Cyber Detection and Response Analyst is expected to be involved and in the full incident response lifecycle, from preparation for cyber security incidents, through detecting, managing and resolving ongoing incidents, and finally reporting on those incidents and identifying improvements and lessons learned.

Job Core Responsibilities

•    Identify and manage cyber security incidents following ITG procedures based on NIST frameworks.

•    Record and report on cyber security incidents, including recommendations for improvements in both ITG technologies and procedures to prevent re-occurrence.

•    Manage and administer key DART tools (SIEM, SOAR, NGAV/EDR) in co-ordination with third parties and other teams and team members, ensuring monitoring commitments are met.

•    Keep up to date on the evolving cyber security threat landscape and ensure ITG technologies and procedures are capable of detecting and preventing relevant threats.

•    Act as an escalation point, leader and mentor for other members of the DART.

•    Identify and implement improvements to cyber security tools and alert sources to improve detection of attacks and reduce false positives.

•    Offer guidance to other teams on security best practices and configuration changes to improve security of ITG technologies.
 

Job Specifications

•    Industry recognized information security certification(s), such as GIAC, CompTIA Sec+/CySA+ preferred.
•    Relevant certifications in technologies such as Splunk, Phantom, and Carbon Black useful.
•    2-4 years of experience in Information Security Operations and Incident Response
 

Skills:

•    Ability to understand and follow specific instructions and procedures
•    Ability to research and analyze data effectively    
•    Ability to gather data, to compile information, and prepare reports
•    Good/Strong/Excellence verbal and written communication skills 
•    Ability to influence stakeholders
•    Well-organized, detail-oriented, and ability to multi-task
•    Ability to work independently and prioritize duties with minimal supervision, in order to meet deadlines
•    Decision making skills
•    Strong computer skills, including proficiency with Microsoft Word, Excel, PowerPoint, Access, Outlook, and web-browsers
•    Intermediate level knowledge of PC software applications and strong understanding of PC operating systems
•    Knowledge of the following communication and connectivity systems required: Microsoft TCP/IP, networking protocols, network printing / printer troubleshooting, file sharing, Internet application connectivity
•    Knowledge of Microsoft technologies (SQL Server 2008 (or newer)
•    Knowledge of Windows Server components including the registry, file systems, services, and system management tools
•    Extensive knowledge of information and cyber security incident response procedures and frameworks (especially NIST frameworks).
•    Good understanding of TCP/IP networking and other networking protocols.
•    Good knowledge and understanding of scripting languages such as Python and PowerShell and experience writing scripts in these languages.
•    Experience working with Splunk and/or other SIEM technologies
•    Experience with Splunk administrative tasks such as data onboarding and platform configuration is preferred.
•    Experience working with Splunk Phantom and/or other SOAR technologies is preferred.
•    Experience working with Carbon Black and/or other NGAV/EDR technologies.
•    Good understanding of email security protocols and email analysis.
•    Good understanding of other security technologies, such as firewalls, IDS/IPS, email security gateways, and an ability to work with and analyze logs from these technologies.
•    Experience working with a Microsoft Active Directory (AD) and Windows environment, and an ability to analyze and investigate Windows and AD logs.
•    Experience working with Linux/Unix based systems and logs.
 

Meggitt is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access our career center as a result of your disability. To request an accommodation, contact a Human Resources Representative at 1-855-474-7665 or HRISon@meggitt.com.

If this position is located in the United States, this job will require use of information which is subject to the International Traffic in Arms Regulations (ITAR). As such, all applicants must be U.S. persons within the meaning of ITAR. ITAR defines a U.S. person as a U.S. Citizen, U.S. Permanent Resident (i.e. 'Green Card Holder'), Political Asylee, or Refugee

Apply now »