Thrive is a rapidly growing technology solutions provider focusing upon Cloud, Cyber Security,
Networking, Disaster Recovery and Managed Services. Our corporate culture, engineering talent, customer-centric approach, and focus upon “next generation” services help us stand out amongst our peers. Thrive is on the look-out for individuals who don’t view their weekdays spent at “a job”, but rather look to develop valuable skills that ignite their passion and lead to a CAREER. If you’re attracted to a “work hard, play hard” environment, seeking the guidance, training and experience necessary to build a lucrative career, then welcome to THRIVE!!
Position Overview
With a growing client base, Thrive is continuing to build out its security team. We are looking to hire a SOC Analyst II to take a role within our Security Operation Center assist with the continuously monitor and improve our customers' security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents utilizing technology and well-defined processes and procedures. The ideal candidate will have a passion for information security and will value what a properly managed Security monitoring solution can bring to our client needs.
Primary Responsibilities
- Process investigation requests from Tier 1 SOC Analysts who perform security event monitoring using Security Information and Event Management (SIEM) from multiple sources, including but not limited to, events from network and host-based intrusion detection/prevention systems, network infrastructure logs, systems logs, applications, and databases
- Investigate intrusion attempts, differentiate false positives from true intrusion attempts, and perform in-depth analysis of exploits
- Utilize threat intelligence to identify and investigate potential security threats
- Lead incident response and threat hunting efforts for confirmed security incidents and follow through until resolution
- Develop playbooks for incident response and incident management processes, including threat triage, incident investigation, and incident resolution
- Conduct regular reviews of playbooks to ensure they are current and effective
- Work with cross-functional teams to ensure that playbooks are aligned with the overall security strategy and goals
- Participate in tabletop exercises and drills to test and validate playbooks
- Monitor and evaluate security incidents to identify opportunities for improving playbooks
- Keep up-to-date with current security threats and trends to ensure that playbooks are relevant and effective
- Actively investigate the latest security vulnerabilities, advisories, incidents, and TTPs (tactics, techniques, and procedures) and work with Security Engineering team to recommend use cases.
- Proactive monitoring, threat hunting, and response of known and/or emerging threats
- Carry out Thrive’s information security strategy both internally and externally for 400+ clients in the northeast
- Analyze data from our SOC and SIEM and determine if further analysis is needed
- Work within Thrive’s security standards and best practices and recommend future enhancements
- Manage our clients’ security awareness training to help their end users be as safe as possible
- Stay abreast of security events and techniques to keep our clients protected
- Build awareness through training and education
Qualifications
- Has advanced knowledge of the following systems and technologies:
- SIEM (Security Information and Event Management)
- TCP/IP, computer networking, routing, and switching
- IDS/IPS, penetration and vulnerability testing
- Firewall and intrusion detection/prevention protocols
- Windows, UNIX, and Linux operating systems
- Network protocols and packet analysis tools
- EDR, Anti-virus, and anti-malware
- Content filtering
- Email and web gateway
- Demonstrates comprehension of good security practices
- Professional experience in a system administration role supporting multiple platforms and applications
- Ability to communicate network security issues to peers and management
Required Qualifications
- Computer Networking & Security
- Vulnerability Discovery and Analysis
- Operating System Internals
- Familiarity with TCP/IP network protocols, application layer protocols (e.g., HTTP, SMTP, DNS, etc.)
- Excellent Written and Verbal Communication Skills
Preferred Qualifications:
- Knowledge of common Windows and Linux/Unix system calls and APIs
- Understand Anti-Virus
- Knowledge of programming languages
- Knowledge of internal file structures for file formats commonly associated with malware (e.g., OLE, RTF, PDF, EXE, etc.)
13 jobs found