3rd Shift Cyber Security Operations Analyst

The 3rd Shift Cyber Security Operations Analyst monitors and protects the organization?s systems, networks, and data during overnight hours. This role involves real-time threat detection, incident response, and maintaining the overall security posture of the organization. The analyst works as part of a Security Operations Center (SOC) team and plays a critical role in identifying and mitigating security risks during non-business hours.

Key Responsibilities:

Threat Monitoring and Detection:
? Continuously monitor security tools, such as SIEM systems, intrusion detection/prevention systems (IDPS), firewalls, and endpoint protection platforms, to detect potential security threats or anomalies.
? Analyze and investigate security alerts, identifying true threats versus false positives.
? Conduct proactive threat hunting to identify vulnerabilities or malicious activities.
? Monitor and analyze network traffic, system logs, and user activity to ensure compliance with security policies.

Incident Response and Management:
? Respond to security incidents, including malware infections, phishing attempts, unauthorized access, and other potential breaches.
? Execute containment, eradication, and recovery procedures to minimize the impact of incidents.
? Collaborate with senior analysts or SOC managers to escalate complex or high-risk incidents.
? Document all incidents in detailed reports, including root cause analysis and lessons learned.

System Maintenance and Updates:
? Perform regular updates and maintenance on security tools and platforms to ensure they function effectively.
? Assist in applying patches and updates to address known vulnerabilities.
? Support the integration of new security technologies or tools into the existing infrastructure.

Collaboration and Communication:
? Communicate effectively with team members and stakeholders to provide updates on incidents and overnight activities.
? Participate in shift handovers to ensure continuity of security operations across shifts.
? Assist in the development of documentation, playbooks, and standard operating procedures (SOPs) for SOC operations.

Compliance and Reporting:
? Ensure security operations align with organizational policies, regulatory requirements, and industry standards (e.g., ISO 27001, NIST, GDPR).
? Prepare and submit daily reports summarizing overnight security events and activities.
? Contribute to security audits and compliance reviews.

Continuous Improvement:
? Stay updated on emerging cyber threats, vulnerabilities, and industry best practices.
? Provide recommendations to improve detection, response, and prevention capabilities.
? Participate in training, simulations, and drills to enhance incident response readiness.

Qualifications:

Education:
? Bachelor?s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
? Equivalent work experience may be considered.

Experience:
? 1-3 years of experience in cybersecurity, SOC operations, or a related IT field.
? Familiarity with SIEM tools, IDPS, firewalls, and endpoint detection platforms.
? Experience working in a 24/7 operational environment is a plus.

Skills and Competencies:
? Knowledge of cybersecurity principles, threat landscapes, and attack vectors.
? Strong analytical and problem-solving skills for investigating security events.
? Proficiency in using security tools and platforms (e.g., Splunk, QRadar, Sentinel).
? Understanding of networking concepts (TCP/IP, DNS, VPNs) and operating systems (Windows, Linux).
? Ability to work independently during overnight hours and make quick, informed decisions.

Certifications (preferred):
? CompTIA Security+, CySA+, or equivalent certifications.
? GIAC Certified Incident Handler (GCIH).
? Certified Ethical Hacker (CEH).
? Splunk Core Certified User or similar tool-specific certifications.