Listing Description

Job Summary: 

Are you passionate about securing global-scale ecommerce services and applications that power millions of customers across hundreds of countries around the globe?  Are you passionate about cutting edge technology, security monitoring, threat detection, incident generation, intrusion analysis, and responding to security events?  We are looking for a Senior SOC/IR Analyst to join our growing team!

The Senior SOC/IR Analyst participates in activities including monitoring, detection, incident generation, alerting, and incident response.  Regularly reports to and receives feedback from management, the VSOC, or the MDR platform including detections, escalations, processes, tools, and services.  Supports multiple security-related platforms and technologies utilizing SOAR/Automation, cyber threat intelligence, and threat hunting.  Interfaces with members of the IT organization, other internal business units, and external parties as necessary.  Helps define and tune use cases related to incident generation, threat detection, incident triage, correlation rules, and thresholds.  Participates in the Incident Response process to detect, respond, and contain suspicious or malicious activity.  

Job Expectations: 

• Utilize the SOC/IR Technology platform to participate in daily operations, monitor, detect, and respond to security events 24x7x365.

• Participate in Incident Response activities and help improve the Incident Response Plan.

• Research new threats, vulnerabilities, the evolving threat landscape, advancements in technology, advanced threat detection, and older systems and applications in use, to help define and tune use cases for incident generation.

• Research and gather Cyber Threat Intelligence, and perform Threat Hunting across the enterprise.

• Liaise with the VSOC, MDR, and/or Analysts, and serve as an escalation point.

• Leverage SOAR/automation solution to automate tasks and simplify workflows.

• Analyze attacker TTPs from security events across a large heterogeneous network.

• Partner with the Security Operations/Engineering and other teams, improve and optimize SOC/IR tools, workflows, use cases, and detection mechanisms, to mature monitoring, detection, and response capabilities.

• Partner with the Red/Purple team to help test, improve, and optimize the efficacy of security controls, remediate identified gaps, and improve overall security posture and defenses.

• Adhere to SLAs, metrics and business scorecards for ticket handling of security incidents and events.

• Help plan and execute regular incident response exercises, help focus on creating measurable benchmarks (SLAs, KPIs, metrics) to show progress or deficiencies requiring additional attention.

• Leverage knowledge in multiple security disciplines, such as Windows, Unix, Linux, Data Loss Prevention (DLP), endpoint controls, databases, wireless security, and data networking to offer global solutions for a complex heterogeneous environment.

• Evaluate SOC/IR policies and procedures and recommend updates to management as appropriate.

Choose Your Own Adventure: While SOC/IR will be this individual’s primary role, we seek out Information Security Analysts/Engineers with a broad range of skills who can pivot to other technologies or passionately learn other skills and technologies.  At iHerb, you will have the ability to ‘choose your own adventure’ a percentage of the time in other areas of Cyber Security, including and not limited to:  Digital Forensics and Incident Response (DFIR), Incident Handling, SOC and Intrusion Analysis, Automation, Cyber Threat Intelligence, Cyber Defense, and Offensive Security.

The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job. Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.

Knowledge, Skills and Abilities:

   Required:

• Experience with information security monitoring, detection, incident response, or related experience.

• Experience working in a 24x7 operational environment, with geographic disparity preferred.

• A mix of Blue Team and/or Red/Purple Team and/or MSSP experience preferred.

• Passionate about Cyber Defense, cutting edge technology, investigating and analyzing logs, alerts, incidents, traffic directionality, protocols, and other aspects of security events.

• Knowledge of incident generation, correlation, aggregation, tuning (noise to signal), packet/payload inspection, differentiating between true/false positives/negatives.

• Understanding of applications, operating systems, networking, cloud infrastructure, and attacker TTP.

• Experience driving measurable improvement in monitoring and response capabilities at scale.

• General understanding of security fundamentals (cryptography, least privilege, segregation of duties, …) and general security technologies, including operating systems (Windows, Linux, MacOS), network security (firewalls, VPNs, EDR, Web Content Filtering, etc.), security incident and event management, business continuity, physical security, identity management, directory services, etc.

• Cloud experience with Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).

• Understand AWS services: EC2, VPC, IAM, AWS Systems Manager, etc.

• Understand CVSS scoring, OWASP, the MITRE ATT&CK framework, SDLC, etc.

• Working knowledge/experience with network systems, security principles, applications and risk and compliance initiatives such as Gramm-Leach Bliley Act (GLBA), Payment Card Industry (PCI-DSS), Health Information Portability and Accountability Ace (HIPAA), Sarbanes-Oxley Act (SOX) and the General Data Protection Regulation (GDPR).

• Self-starter requiring minimal supervision.  Strong work ethic, including consistent documentation and tracking of activities.

• Excellent problem solving, critical thinking, collaboration, and communication skills

• A strong passion for cyber security, and ability to learn and work, in a fast paced and dynamic environment.

• Highly organized and efficient, with an analytical and problem-solving mindset.

• Demonstrates strategic and tactical thinking, along with decision-making skills and business acumen

Equipment Knowledge: 

• Experience working with a broad range of Cyber Defense security tools, SIEM systems (dashboards, alerts, queries, regex, etc.), threat intelligence platforms, security automation and orchestration solutions (SOAR), intrusion detection and prevention systems (IDS/IPS), web filters, endpoint detection and response (EDR/NGAV), file integrity monitoring (FIM), DLP, cloud platforms (AWS, GCP, Azure), email security, and other network and system monitoring tools.

• Experience with container platforms (Docker, Kubernetes, …) desired.

• Knowledge of IT/Information Security Audit and assessment.

• Knowledge of information security practices and concepts including firewalls, intrusion detection/prevention, EDR, NetFlow analysis, access controls, risk analysis, vulnerability scanning, web content filtering, web proxy systems, DFIR, application whitelisting and data encryption.

• Experience with Microsoft Office Suite (e.g., Word, Excel, PowerPoint, etc.).

• Experience with Google Workspace (e.g., Gmail, Drive, Docs, Sheets, Forms. etc.) preferred.

Experience Requirements:

At least 5+ years experience in information security monitoring, incident response, security operations, or related experience. A minimum three (3) year of security monitoring, incident response, security operations, Blue Team, Red/Purple Team, and/or MSSP experience, preferred. Preferred certifications: GCIH, GCIA, GPEN, GWAPT, CISSP, or equivalent.

Education Requirements: 

BA/BS or MA/MS in Engineering, Computer Science, Information Security, or Information Systems, or comparable training/experience, or a combination of education and equivalent work experience.