IT Security Operations Analyst II

The IT Security Operations Analyst II is responsible for protecting Microchip Technology Inc.'s information systems and networks from cyber threats. This position requires strong expertise in blue team operations, security operations, vulnerability management, incident response, and security engineering, with practical experience using a range of endpoint and network security tools. The role also involves developing and refining security strategies to strengthen the company's security posture. Close collaboration with IT teams, management, and other stakeholders is essential to ensure a robust and compliant cybersecurity framework.

Key Responsibilities:

• Leverage the latest threat intelligence to identify and detect emerging cyber threats.
• Enhance team efficiency by identifying opportunities for process tuning, developing automation playbooks, and optimizing the use of security technologies.
• Review and provide technical recommendations for tuning security controls to strengthen the organization's security posture.
• Act as an escalation point for both process and technical guidance within the team.
• Conduct quality audits of incident tickets to ensure adherence to established processes and standards.
• Perform in-depth investigations of security alerts, including those escalated by Level 1 SOC Analysts.
• Analyze technical data to assess whether anomalies represent potential security threats.
• Manage security incidents and response processes, ensuring timely and accurate resolution.
• Conduct advanced analysis of incidents to evaluate their complexity, sophistication, and potential impact.
• Provide technical mentorship and guidance to Level 1 Analysts in resolving complex incidents.
• Ensure the accuracy and quality of incident reports and maintain high standards in incident management.
• Lead teams or sub-teams as required to support operational objectives.
• Provide on-call support for high-priority or high-severity security incidents.
• Ensure balanced capacity and effective workforce management for 24/7 SOC service delivery.
• Deliver training to enhance the skills and capabilities of new and existing team members.
• Contribute to SOC playbooks and the knowledge base by documenting findings from investigations to inform and improve future incident response efforts.

Qualifications and Experience:

• Bachelor's degree in Computer Science, Information Technology, or a related field.
• At least 2 years of experience in a Level 2 (L2) Cyber Security role.
• Highly desirable certifications: CompTIA Security+ (SEC+), Cybersecurity Analyst (CYSA+), or equivalent credentials.
• Relevant system and network certifications such as CompTIA A+, Network+, or Cisco CCNA.

Technical Skills:

• Strong understanding of network and endpoint security solutions, including firewalls, proxies, antivirus, and IDS/IPS concepts.
• Proficient in networking protocols and technologies (e.g., TCP, IP, HTTP/HTTPS).
• Hands-on experience with SIEM, UEBA, and EDR platforms as a Level 2 security analyst.
• Proficiency in open-source intelligence (OSINT) techniques and tools (e.g., Maltego, Shodan, SpiderFoot) for threat hunting.
• Advanced knowledge of Unix, Linux, and Windows operating systems.
• Experience with attack and penetration testing methodologies and vulnerability assessment tools (e.g., Metasploit, Burp Suite, Nmap, Nessus, Qualys).
• Ability to develop scripts, tools, or methodologies to enhance incident investigations and processes (e.g., Python, PowerShell, Wireshark).
• Solid understanding of web application security principles and practices.
• Strong foundational knowledge and hands-on experience in applying AI and machine learning algorithms to enhance security measures and automate threat analysis.
• NOTE: While familiarity with AI-driven tools is valuable, we prioritize candidates who demonstrate robust core security principles and do not rely solely on AI solutions.

Investigation and Analysis Skills:

• Proficient in advanced investigation techniques, including:
• Network forensic acquisition and analysis (e.g., Wireshark, PacketTracer, open-source tools)
• Endpoint forensic acquisition and analysis (e.g., EnCase, X-Ways, Axiom, IEF, FTK)
• Memory analysis
• Analysis of diverse security logs (e.g., endpoint, security appliances, SIEM, Windows event logs, syslog)
• Reverse engineering of malware
• Email header analysis
• Vulnerability report analysis and remediation

Communication and Leadership:

• Excellent verbal and written communication skills, with the ability to produce clear, structured reports.
• Comfortable leading investigations and effectively communicating with both technical and non-technical stakeholders.
• Demonstrates a strong sense of personal responsibility for continuous learning and professional development.