Cyber Security Analyst 2

5 days ago


Mabalacat, Philippines Seidotech Solutions Corp. Full time

What You’ll Do:
- Monitor cyber security tools to identify, triage, and report security incidents to customers.
- Use available security capabilities to contain incidents and prevent the lateral spread of malware or lateral movement by attackers.
- Conduct investigations to identify and rule out false-positive security incidents.
- Provide additional investigative support to customers as needed.
- Work with a team of like-minded professionals to monitor customer ticket queues and triage tickets that need immediate attention. We serve customers ranging from 10 users to multinational enterprises.
- Follow pre-defined playbooks and runbooks, and collaborate with other technical resources where appropriate.
- Monitor and process event tickets, prioritized by customer impact and urgency.
- Remain aware of customer service-level agreements (SLAs) and strive to meet or exceed them consistently.
- Participate in incident management by providing situational reports (sitreps) via ticket updates and/or customer-facing communications.
- Provide first-level technical resolution for cyber security incidents.
- Collaborate with our Network Operations Center (NOC) as needed to document incidents, maintenance, and problems.
- Use systems management tools to monitor the availability, reliability, and performance of customer environments.
- Demonstrate problem-solving skills that contribute to the resolution of any issues that arise.
- Quickly assess an issue and form an understanding of the likely root cause in unfamiliar technical environments and technologies.
- Investigate, resolve, and/or escalate significant matters pertaining to customer alerts and events.
- Document solutions, processes, and procedures, and present them in writing, by phone, or in person.
- Create After Action Reports and incident response reports.
- Commit to professional growth and development by maintaining and/or obtaining industry-specific certifications.

What Skills & Experience You’ll Need:
- Experience monitoring and using a SIEM; Microsoft Sentinel (formerly Azure Sentinel) preferred, with Splunk, Elastic, and QRadar nice to have.
- Experience supporting and administering the following is highly desired:
  - CrowdStrike (or a similar next-generation endpoint/EDR solution)
  - Azure or AWS cloud environments, including compute, storage, networking basics, and backups
  - Microsoft 365 (Office 365)
  - Microsoft Defender
  - Microsoft Sentinel
  - Windows 10 and 11, macOS
  - Windows Server 2012 through 2019, including AD DS, DNS, DHCP, DFS, file/print services, and PowerShell basics
  - KQL (Kusto Query Language)
  - Nessus (Tenable.io)
- Networking basics (CompTIA Network+ equivalent).
- At least one of the following industry certifications is highly desired: Security+, Network+, CEH, GCIH.
- A curious disposition.
- Strong documentation, reporting, analytical, and problem-solving skills.
- The ability to engage effectively in customer-facing communications.

Preferred Qualifications:
- Experience with any of the following tools: Kaseya VSA, Auvik.
- Experience working in IT enterprises that use industry frameworks such as ITIL, COBIT, or MOF.

About the role: As a Cyber Security Analyst – Tier 1 in the Security Operations Center (SOC), you will be the first responder for business-impacting cyber security incidents that arise in our customers' environments. Fast, effective, and courteous service is the lifeblood of our organization, and this position requires nothing less. Your technical acumen...