Security Operations Center Analyst

Homecare Homebase, a subsidiary of Hearst Corporation is a market leader in healthcare software development providing mobile cloud-based solutions for clinical, operational, and financial improvement of homecare and hospice agencies throughout the United States. Our software enables real time solutions for wireless information exchange and communication between office staff, field staff, and physicians.

Our success is fueled by our talented technology teams that are driven by their passion to make a difference in patient care. Our employees work in a culture that is guided by values of caring, action, respect, excellence, and smile (a positive attitude). If you want to work in a role where your skills have a direct influence on patient care, Homecare Homebase is the next step in your career. We are hiring technologists that want to make a difference.

SOC Analyst

• SOC Service Monitoring, Analytics and Cyber Threat Analysis;
• Continuous & persistent monitoring of security technologies/tool data and network traffic which result in security alerts generated, parsed, triggered, or observed on the in-scope managed networks, enclaves, systems or security technologies;
• Analyzing, triaging, aggregating, escalating and reporting on client security events including investigation of anomalous network activity, and responds to cyber incidents within the network environment or enclave;
• Correlation and trend analysis of security logs, network traffic, security alerts, events and incidents;
• Properly use of Splunk Core, Splunk Security Essentials, and Splunk Enterprise Security;
• Continuously works to tune security tools to minimize false positives and maximize detection and prevention effectiveness. Collaborates with the owners of cyber defense tools to tune systems for optimum performance;
• Analyzes malware and attacker tactics to improve network detection capabilities. Collaborates with external companies or government agencies to share open source or classified intelligence;
• Distributes use case context, vulnerability and threat advisories as relevant to optimize security tools, SIEM and client awareness;
• Incident categorization and severity assignment consistent with client criteria;
• Event and incident handling consistent with applicable client plans and processes;
• Integration of activities with standard reports, such as shift reports, along with client communication protocols;
• Documents and provided feedback to engineers for custom views, channels, and other content for Incident Response, Insider Threat Management (ITM), and other threat detection use cases into disparate enclaves in the customer environment;
• Support calculation of security metrics related to Managed SOC Services offering;
• Drive SIEM content development, tuning, and review.

REQUIRED SKILLS:

• Prior experience working in any of the following three: Security Operations Center (SOC), Network Operations Center (NOC), Computer Incident Response Team (CIRT)
• Knowledge of and practical experience of integration of COTS or open source tools
• Experience in the detection, response, mitigation, and/or reporting of cyber threats affecting client networks
• Experience in computer intrusion analysis and incident response
• Working knowledge of Intrusion detection/protection systems
• Knowledge and understanding of network devices, multiple operating systems, and secure architectures
• Working knowledge of network protocols and common services
• System log analysis
• Current experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
• Experience responding to and resolving situations caused by network attacks
• Ability to assess information of network threats such as scans, computer viruses or complex attacks
• Working knowledge of WAN/LAN concepts and technologies
• SIEM content Analysis, Development and Testing
• 6 months recent experience (within the last 2 years) with Splunk
• Familiarity with packet analysis to include: HTTP Headers & Status codes, SMTP Traffic & Status codes, FTP Traffic & Status Codes
• Excellent written and verbal communication skills;
• Personality traits: Naturally curious and inquisitive nature; persistent and determined; loves solving problems and puzzles; analytically rigorous; uncompromising integrity.

EXPERIENCE

Required:

• 5+ years of related work experience with a Bachelor's degree; or 4 years with Master's degree
• Splunk Core, Splunk Security Essentials, Splunk Enterprise Security
• Familiar knowledge of Process and IT service management concepts such as ITIL and ITSM

Preferred:

• ServiceNow's Incident Management platform

·

• Bachelor's Degree in Management Information Systems, Computer Science is preferred.

• Master's degree in Computer Security, Cybersecurity, etc
• Certifications related to security (such as Security+, GSEC, GCIH, GCIA, CISSP, NCSF, etc)
• Certifications in Splunk
• Certifications related to ITIL\ITSM