**Job Summary**:
The role will monitor cybersecurity consoles, dashboards, and/or feeds and perform alert triage and analysis, initial incident scoping and documentation, ticket escalation, and attack disruption under pre-defined/approved conditions, as well as initial incident response management, detailed scoping, and incident coordination among various internal and external teams.
**Key Responsibilities**:
- Monitor SOC mailbox, IT ticketing system, hotline, threat intelligence feeds, endpoint/data loss prevention consoles, and other security tools for alerts
- Triage alerts, conduct incident response and recovery activities
- Perform deep-dive investigations and root cause analysis
- Collect forensic artifacts on suspicious workstations and analyze with Forensic Analysis tools
- Conduct security and behavior risk identification
- Initiate the coordination of risk mitigations and escalation to client leadership
- Coordinate internal response to incidents
- Suggest changes to SOC Detection logic on various SOC technologies
- Adhere to approved SOC documentation e.g., processes and procedures
- Develop, coordinate, and implement SOC documentation
- Act as shift lead and primary point-of-contact to client SOC team
- Develop and coordinate SOC operation metrics and reports
- Draft SOC shift change reports and conduct shift-change briefings to maintain continuity of operations
**Knowledge, Skills and Experience Requirements**:
- Minimum of 5 years of professional experience in operating, managing, designing, implementing, maintaining, or supporting cybersecurity technology
- Minimum of 5 years of professional experience in SOC operations and/or incident response
- Understanding of technologies and solutions utilized in cybersecurity and networks (SIEM, SOAR, firewalls, IAM, IDS/IPS, endpoint protection, threat management/intelligence)
- Strong understanding of intrusion detection concepts and information security defense
- Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques
- Experience in SOC documentation development
- Incident response analysis skills, e.g., with SURGE Collect
- Forensic artifact examination with Volatility
- Proven experience with multiple security event detection platforms
- Thorough understanding of TCP/IP
- Understanding of basic IDS/IPS rules to identify and/or prevent malicious activity
**Soft Skills**:
- Full professional proficiency in English, especially in technical writing and verbal communication
- Demonstrated integrity in a professional environment
- Completed technical higher education in the field of computer science or related field
- Possession of certificates or education related to cybersecurity, information technology, or engineering
- Possession of cybersecurity certifications e.g., CISSP, GCIH, GMON, GSOC
**What working at EY offers**:
- Skills development in the cybersecurity domain
- Executive communication skills
- Opportunities for professional development at EY
- Certifications via external and internal training
- Conference attendance