Job DescriptionFortinet is looking for a Security Operations Centre (SOC) Analyst to be part of the FortiCloud SOC-as-a-Service team. This is a highly technical role, monitoring security events, identifying threats, assessing risks, and working with customers globally to improve their security posture.
FortiCloud SOC-as-a-Service team operates based on a follow the sun approach. Working hours for this position includes 5 days/40 hours per week, consisting of 1 weekend and 4 weekdays (e.g. Sunday - Thursday or Tuesday - Saturday), 9am - 5pm.
Responsibilities:- Monitor SOC alerts to detect potential threats
- Use threat intelligence feeds, triage alerts and filter out false-positives
- Create custom reports, dashboards, and execute log searches to support investigations and customer's requirements
- Work with customers and Forensic analysis team to contain and eradicate incidents if need be
- Follow Incident Response playbooks, processes and procedures and help to improve them
- Create/Update use case detections to detect new threats from raw logs
- Create/Update playbooks to automate repetitive triage steps
Requirements:- Understanding of SOC operations and Incident Response Life cycle.
- Understanding of Cyber Kill chain, threat vectors and threat intelligence
- Understanding of layered security at data, OS and network levels
- Understanding Cybersecurity Frameworks
- Hands-on experience with security log analysis such as AV, IPS, Anti-Spam logs
- Hands-on experience with visualization, reporting technologies
- Hands-on experience with PostgreSQL, regular expressions
- Hands-on experience with Network Security technologies such as Firewalls, SIEM, Sandbox
- Hands-on experience with Linux and Windows system administration.
- Previous working experience with Fortinet products is a bonus.
- Team player, solution-focused, conflict management skills
- Self-directed, takes initiatives
- Open to new challenges and learning opportunities
- Understands the importance of discipline, consistency and communication
- Good verbal and written communication skills
- Cybersecurity certifications such as GCIA, GCIH, GMON, GSOC, CEH, Security+ is a bonus
- Graduates from IT degrees, or mid-career IT professionals with certifications in cybersecurity may apply
- Must be authorized to work in the U.S. without sponsorship