3rd Shift Cyber Security Operations Analyst
The 3rd Shift Cyber Security Operations Analyst monitors and protects the organizations systems, networks, and data during overnight hours. This role involves real-time threat detection, incident response, and maintaining the overall security posture of the organization. The analyst works as part of a Security Operations Center (SOC) team and plays a critical role in identifying and mitigating security risks during non-business hours. Key Responsibilities: Threat Monitoring and Detection: Continuously monitor security tools, such as SIEM systems, intrusion detection/prevention systems (IDPS), firewalls, and endpoint protection platforms, to detect potential security threats or anomalies. Analyze and investigate security alerts, identifying true threats versus false positives. Conduct proactive threat hunting to identify vulnerabilities or malicious activities. Monitor and analyze network traffic, system logs, and user activity to ensure compliance with security policies. Incident Response and Management: Respond to security incidents, including malware infections, phishing attempts, unauthorized access, and other potential breaches. Execute containment, eradication, and recovery procedures to minimize the impact of incidents. Collaborate with senior analysts or SOC managers to escalate complex or high-risk incidents. Document all incidents in detailed reports, including root cause analysis and lessons learned. System Maintenance and Updates: Perform regular updates and maintenance on security tools and platforms to ensure they function effectively. Assist in applying patches and updates to address known vulnerabilities. Support the integration of new security technologies or tools into the existing infrastructure. Collaboration and Communication: Communicate effectively with team members and stakeholders to provide updates on incidents and overnight activities. Participate in shift handovers to ensure continuity of security operations across shifts. Assist in the development of documentation, playbooks, and standard operating procedures (SOPs) for SOC operations. Compliance and Reporting: Ensure security operations align with organizational policies, regulatory requirements, and industry standards (e.g., ISO 27001, NIST, GDPR). Prepare and submit daily reports summarizing overnight security events and activities. Contribute to security audits and compliance reviews. Continuous Improvement: Stay updated on emerging cyber threats, vulnerabilities, and industry best practices. Provide recommendations to improve detection, response, and prevention capabilities. Participate in training, simulations, and drills to enhance incident response readiness. Qualifications: Education: Bachelors degree in Cybersecurity, Information Technology, Computer Science, or a related field. Equivalent work experience may be considered. Experience: 1-3 years of experience in cybersecurity, SOC operations, or a related IT field. Familiarity with SIEM tools, IDPS, firewalls, and endpoint detection platforms. Experience working in a 24/7 operational environment is a plus. Skills and Competencies: Knowledge of cybersecurity principles, threat landscapes, and attack vectors. Strong analytical and problem-solving skills for investigating security events. Proficiency in using security tools and platforms (e.g., Splunk, QRadar, Sentinel). Understanding of networking concepts (TCP/IP, DNS, VPNs) and operating systems (Windows, Linux). Ability to work independently during overnight hours and make quick, informed decisions. Certifications (preferred): CompTIA Security+, CySA+, or equivalent certifications. GIAC Certified Incident Handler (GCIH). Certified Ethical Hacker (CEH). Splunk Core Certified User or similar tool-specific certifications. Apply Job!