Cybersecurity Tier 2

Requirements

• Cybersecurity SOC Tier 2 analyst must be able to do the following:
• Correlate threat data from various sources to establish the threat/impact against the network.
• After assessment of the data, recommend appropriate countermeasures, facilitating tracking, preliminary handling of investigations, and reporting of all security events and computer incidents.
• Remediation actions and apply lessons learned to security incident investigation and resolution
• Perform monitoring, identification and resolution of security events to detect threats through analysis, investigations and prioritization of events based on risk/exposure
• Develop processes which analyzes data, producing accurate, meaningful, easily interpreted results based on user requirements and use cases
• Develop processes which align with enterprise incident response activities and coordinate closely with other teams within the Security Operations Center
• Create custom tool content to enhance capabilities of security operations teams
• Manage the collection, documentation and research of security events generated by the SOC monitoring platform and infrastructure
• Provide support to Security Incident Management aligned with NIST standards

Technical writing experience

• Standard Operating Procedures
• Runbooks/Playbooks
• Incident Response Plans
• Support training develop with both analysts and tabletop exercises
• Assist or lead the effort in Tool configuration and content creation

Qualifications:

• 2-4 years of experience on one of the following team(s): Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC)
• Degree in Computer Science, Information Technology, or equivalent work experience
• Experience supporting Cyber Security Operations in a large enterprise environment
• Experience with Incident Response, analysis of network traffic, log analysis, ability to prioritize and differentiate between potential intrusion attempts and false alarms, managing and tracking investigations to resolution
• Experience with SIEM & Log Management solution
• Familiarity with one of the following; NIST Incident Response Lifecycle, Cyber Kill Chain, Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) Metrics
• CCNA Security, GCIA, GCIH, CYSA+, Security+ or other related security certifications
• At minimum there must be one active security certification
• Work schedule: Wednesday to Saturday from 09:00 am to 07:00 pm.(according with the Daylight Saving)
• Excellent communication skills in English (B2+ or higher) and ability to collaborate across functions and geographies.

​

​Benefits:

• Hybrid position with on-site presence required based on business needs. (Site: Ultra park II Lagunilla, Heredia)
• Private Medical Insurance
• Asociacion Solidarista
• Life Insurance
• Personal Day Off

Experience with one or more of the following tools:

• Qradar SIEM/Cortex XSOAR
• SentinelOne
• Proofpoint Email
• Azure Suite
• Zscaler