Security Analyst -Threat Monitoring Analyst L1

Job Description
Job Description
The SOC Threat Monitoring Analyst role is part of the SOC. Candidates in this role will monitor computer security events according to documented procedures and industry best practices and are the first line of defense in protecting the information systems from internal and external threats. Ideal candidates should be experienced in the areas of networking, client/server technologies, and analyzing log files. Candidates must have strong multitasking capabilities and be able to evaluate threats, vulnerabilities, and risk while under pressure. Candidates must display enthusiasm and interest in Information Security.

Required Technical and Professional Expertise

  • Monitoring of security events received through alerts from Security Incident and Event Monitoring or other security tools
  • Review alerts escalated by the Help desk
  • Performing Level 1 analysis of security issues
  • Performing initial assessment of the priority of the event (Classification)
  • Performing initial determination of incident to determine risk and damage (Triage)
  • Performing appropriate routing of security or privacy data request and notifying appropriate contact for security events and response (Escalation)
  • Monitoring of alert and downstream dependency's health
  • Takes an active part in the resolution of incidents, even after they are escalated
  • Work assigned via ticket queue

Required Technical and Professional Expertise

  • Process and Procedure adherence
  • General network knowledge and TCP/IP Troubleshooting
  • Ability to trace down an endpoint on the network, based on ticket information
  • Familiarity with system log information and what it means
  • Understanding of common network services (web, mail, DNS, authentication)
  • Knowledge of host based firewalls, Anti-Malware, HIDS
  • General Desktop OS and Server OS knowledge
  • TCP/IP, Internet Routing, UNIX / LINUX & Windows NT

Preferred Tech and Prof Experience

  • Security Essentials - SEC401 (GSEC certification) or equivalent
  • Intrusion Detection In Depth - SEC503 (GCIA certification) or equivalent

EO Statement
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

Back to top