Analyst, Secops C3

3 weeks ago


Oakville, Canada Difenda Inc. Full time

**About Difenda**

Difenda is a privately held SecOps-As-A-Service company founded in 2008. We deliver 24/7/365 security operations backed by our modernized SOC 2 Type 2 and ISO 27001 certified Cyber Command Center. Difenda is focused solely on the Microsoft security product stack and holds the Microsoft Security Advanced Specialization. We are an outcome-driven SecOps-As-A-Service company that uses an innovative and collaborative approach to give customers an easy way to consume services and increase maturity.

Our Difenda Shield was developed to break internal security silos, provide customers the ability to scale, and most importantly, provide true visibility within our model. All of our services, MDR (Managed Detection and Response), AVM (Advanced Vulnerability Management), GRC (Governance, Risk & Compliance), BPS (Brand Protection Services), and SAT (Security Awareness Training) roll into our Difenda Shield providing our customers the ability to save costs and maximize visibility across the people, processes, and technologies critical to an organization.

**Job Brief**

The SOC team is a group of highly valued professionals within the Cyber Command Center (C3) recognized for their dedication to seamless 24x7x365 security incident response. They are an integral component of delivering reliable managed security services.

The SecOps Analyst must have knowledge of, and experience in, incident response techniques, the incident response life cycle, threat hunting methodologies, malware analysis, and threat intelligence. They will perform advanced incident triage and investigation of adversary Tactics, Techniques, and Procedures (TTPs), malicious code, and related capabilities. They provide cyber threat intelligence analysis for briefings and reports. The SecOps Analyst serves as the expert responsible for providing incident response expertise and informed technical support to assigned customers.

**Key Responsibilities**:
The primary focus of the SecOps Analyst is to triage security incidents and eradicate threat actors from enterprise networks along with providing recommendations for remediations. They are responsible for analyzing, identifying and hunting threat actor groups and their techniques, tools and procedures.

**Responsibilities**:

- Analyze and identify cyber threat activity based on their known techniques, tactics, procedures (MITRE ATT&CK Framework)
- Analysis of host-based and network-based security alerts, responding to potential threats and vulnerabilities
- Monitor, correlate, identify, analyze, mitigate, manage, track and support processes for all security incidents
- Perform investigation of intrusion attempts and in-depth analysis of indicators of compromise (IoC) from several log sources
- Perform initial triage on security events populated in the ticketing system, and investigation and escalation of these events where applicable.
- Manage security events throughout the incident response life cycle
- Support the development of advanced Security Information and Event Management (SIEM) rules and alerts to detect adversary techniques, tactics, and procedures by providing tuning recommendations based on day-to-day monitoring and customer feedback experiences
- Coach and support other Threat Hunters to improve Difenda’s identification, analysis, breach detection, and response
- Independently follow procedures to contain, analyze, and eradicate malicious activity
- Document all activities during an incident and provide leadership team with status updates during the life cycle of the incident
- Create final incident reports detailing the events of an incident
- Support the development of processes and procedures to improve monitoring, analysis, detection, incident response times, and overall C3 operations
- Promote a consistent delivery of Security Operations Center services through the habitual capture and reuse of the documentation within the SOC knowledgebase
- Foster trust and positively contribute to the Difenda culture by exhibiting open, honest and collaborative qualities in all interactions

**Required Skills**:
Strong working knowledge of:

- Intrusion detection, Threat hunting and Continuous Monitoring
- Incident response life cycle and techniques
- Networking Security fundamentals
- Security technology (Firewalls, IDS/IPS, EDR, etc.)
- SIEM (Splunk, Microsoft Sentinel, Elastic)
- Microsoft Defender Security Toolsets
- MITRE ATT&CK Framework, cyber observables, and indicators of compromise (IoC)

**Required Competencies**:

- Ability to quickly learn new and complex concepts
- Strong analytical skills, problem solving, conceptual thinking and attention to detail
- Organized, proactive, and requiring minimal management oversight
- Outstanding written skills for preparing reports and briefings
- Excellent interpersonal, verbal, and written communication skills across multiple levels of the organization
- Displays a sense of ownership and exhibits flexibility, resilien
