3rd Shift Cyber Security Operations Analyst

The 3rd Shift Cyber Security Operations Analyst monitors and protects the organization’s systems, networks, and data during overnight hours. This role involves real-time threat detection, incident response, and maintaining the overall security posture of the organization. The analyst works as part of a Security Operations Center (SOC) team and plays a critical role in identifying and mitigating security risks during non-business hours.

Key Responsibilities:

Threat Monitoring and Detection:
• Continuously monitor security tools, such as SIEM systems, intrusion detection/prevention systems (IDPS), firewalls, and endpoint protection platforms, to detect potential security threats or anomalies.
• Analyze and investigate security alerts, identifying true threats versus false positives.
• Conduct proactive threat hunting to identify vulnerabilities or malicious activities.
• Monitor and analyze network traffic, system logs, and user activity to ensure compliance with security policies.

Incident Response and Management:
• Respond to security incidents, including malware infections, phishing attempts, unauthorized access, and other potential breaches.
• Execute containment, eradication, and recovery procedures to minimize the impact of incidents.
• Collaborate with senior analysts or SOC managers to escalate complex or high-risk incidents.
• Document all incidents in detailed reports, including root cause analysis and lessons learned.

System Maintenance and Updates:
• Perform regular updates and maintenance on security tools and platforms to ensure they function effectively.
• Assist in applying patches and updates to address known vulnerabilities.
• Support the integration of new security technologies or tools into the existing infrastructure.

Collaboration and Communication:
• Communicate effectively with team members and stakeholders to provide updates on incidents and overnight activities.
• Participate in shift handovers to ensure continuity of security operations across shifts.
• Assist in the development of documentation, playbooks, and standard operating procedures (SOPs) for SOC operations.

Compliance and Reporting:
• Ensure security operations align with organizational policies, regulatory requirements, and industry standards (e.g., ISO 27001, NIST, GDPR).
• Prepare and submit daily reports summarizing overnight security events and activities.
• Contribute to security audits and compliance reviews.

Continuous Improvement:
• Stay updated on emerging cyber threats, vulnerabilities, and industry best practices.
• Provide recommendations to improve detection, response, and prevention capabilities.
• Participate in training, simulations, and drills to enhance incident response readiness.

Qualifications:

Education:
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• Equivalent work experience may be considered.

Experience:
• 1-3 years of experience in cybersecurity, SOC operations, or a related IT field.
• Familiarity with SIEM tools, IDPS, firewalls, and endpoint detection platforms.
• Experience working in a 24/7 operational environment is a plus.

Skills and Competencies:
• Knowledge of cybersecurity principles, threat landscapes, and attack vectors.
• Strong analytical and problem-solving skills for investigating security events.
• Proficiency in using security tools and platforms (e.g., Splunk, QRadar, Sentinel).
• Understanding of networking concepts (TCP/IP, DNS, VPNs) and operating systems (Windows, Linux).
• Ability to work independently during overnight hours and make quick, informed decisions.

Certifications (preferred):
• CompTIA Security+, CySA+, or equivalent certifications.
• GIAC Certified Incident Handler (GCIH).
• Certified Ethical Hacker (CEH).
• Splunk Core Certified User or similar tool-specific certifications.