Senior SOC Analyst

AARNet (Australia's Academic and Research Network)


Date: 1 week ago
City: Melbourne, Victoria
Contract type: Full time
About AARNet

Australia’s Academic and Research Network (AARNet) was established in 1989 and is widely regarded as the founder of the Internet in Australia and renowned as the architect, builder and operator of world-class network infrastructure for research and education.

As Australia’s National Research and Education Network (NREN), we connect over one million users — researchers, faculty, staff, students, hospitals, vocational training providers, schools and museums — across Australia.

We are an organisation of innovators, doers, and courageous thinkers. We don’t settle for the status quo; instead, we anticipate the future needs of our customers and build solutions today. If you share our imagination, foresight, and drive to shape the future, why not come and join us?

https://www.aarnet.edu.au/

Role Purpose

The Senior Security Operations Centre (SOC) Analyst is a key member of the AARNet SOC, supporting the SOC Manager. You will be responsible for monitoring customer environments, including AARNet’s own, to identify cyber threats, and for performing investigation and response activities in line with documented processes while collaborating with both internal and external customer stakeholders.

As a Senior SOC Analyst, you will have a strong hands-on technical focus with broad security knowledge, experience and a deep understanding of various SOC domains and incident stages (covering Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned). A critical success factor for this role will be the ability to effectively identify, triage and investigate an incident end to end, including escalation and resolution with customers. Between monitoring and responding to incidents, you will be focused on the ongoing uplift of the SOC service capability across people, process and technology.

Senior SOC analysts are expected to perform alert monitoring and triage duties on SOC shifts but work fewer console shifts than standard analysts to make way for the additional duties required as a Senior.

To help in your development and aid the SOC’s maturity, you will be enabled to challenge the status quo, think outside the box and apply a growth mindset to develop new and innovative solutions to complex challenges. This is supported by a focus on continuous training and exposure to leading security technologies, including a big data and analytics platform providing full flexibility to build advanced defences against cyber threats with the support of our SOC Engineers.

Key Accountabilities

At AARNet, All Employees Are Accountable For

  • Actively promoting safe work practices in the workplace during all activities, consistent with AARNet’s policies, and complying with all WH&S legislation, policies and procedures.
  • Actively contributing to a safe and supportive working environment that is inclusive of all staff through celebrating their nationality, cultural background, LGBTI status, abilities, gender and age.

In This Role, Your Main Responsibilities Are

  • Mentor and assist in training AARNet SOC Analysts
  • Be the first escalation point for SOC Analysts
  • Work in close partnership with both internal and external (i.e., customer and vendor) stakeholders; act as the first point of contact for security incidents and requests into the SOC in line with set SLAs;
  • Act as an incident coordinator or problem solver for complex issues/cases, liaising with other teams (e.g., incident response/engineering).
  • Refer issues to the SOC Operations Manager when additional support is needed.
  • Work closely with the SOC Operations Manager to ensure oversight and support for those on shift at times when the SOC Operations Manager may not be available.
  • Lead continuous improvement initiatives within the team.
  • Continuously working towards high confidence and high fidelity detection rules leveraging anomalous or suspicious events in collaboration with other SOC team members, including SOC Engineers and Operations;
  • Actively contribute to the continuous development of SOC processes and procedures
  • Managing quality assurance processes like case reviews for SOC work
  • Monitor security cases for the SOC, including:
    • Conducting proactive monitoring, investigation, and escalation of security incidents;
    • Recognising potential, successful, and unsuccessful intrusion attempts and compromises through correlation analysis of relevant event detail and summary information;
    • Investigating malicious phishing e-mails, domains and IPs using open source and sector intelligence, and providing mitigation guidance and support in response to identified threats;
    • Utilising techniques for investigating host- and network-based intrusions using SOC technologies;
    • Reporting false positives, detection rule issues and parsing issues to the SOC Engineers and vendors for remediation;
  • As a more senior member of the team, take on handling documentation and carrying out advanced processes as needs arise, to resolve difficult cases that exceed SOC Analyst skillsets, following the guidance of the SOC Manager.
  • Follow all cybersecurity and privacy principles as required by the organisation and customers.

About You In The Role

You will celebrate diversity, inclusion, belonging and welcome all people regardless of lifestyle choices, ethnicity, faith, sexual orientation or gender identity.

Your directorate: Cyber Security

You’ll report to: SOC Operations Manager

Your Expertise, Experience & Qualifications

  • Experience in dealing with a variety of security cases
  • Strong confidence in recognising and talking about key skills like:
    • Network technologies & core internet protocols (DNS/web/mail)
    • OWASP Top Ten
  • Direct experience in driving resolution on security incidents
  • Experience with SIEM and UEBA technologies
  • Experience with SOAR technologies and playbook development (Demisto, Cortex XSOAR and/or Phantom would be advantageous)
  • Experience with EDR technologies (such as Defender ATP, CrowdStrike)
  • A thorough understanding of the MITRE ATT&CK framework and Cyber kill-chain
  • Ability to document and explain technical details clearly and concisely to both technical and non-technical audiences
  • Practical networking experience with a deep understanding of TCP/IP and other network protocols
  • Practical experience with Forensic Incident Response Triage and Investigation techniques and technologies
  • Experience with using and optimising a range of threat intelligence feeds
  • Excellent troubleshooting and analytical thinking skills
  • Strong documentation skills

Even better

Although not essential to the role, it would be even better if you had any of the following experience/skills:

  • With the customer-facing nature of the role, communication, presentation and conflict resolution skills are valuable
  • Prior experience working in a Service Provider (SP) or Managed Services Provider (MSP)
  • Technical Security Certifications such as SANS GCIA
  • Expertise in the Windows operating system and Active Directory
  • Security oriented & problem-solving mindset (like solving puzzles and finding ways into closed systems)
  • High level of attention to detail, revision control and configuration management practices
  • A passion for "finding evil" and "doing the right thing" and ability to translate business concepts into the required technical system-based events.

Benefits at AARNet

AARNet is committed to diversity and providing equal opportunity to all. We’re a great place to work if you want to make a difference.

AARNet provides a host of other benefits in line with our HR policies which include:

  • Competitive remuneration;
  • 17% superannuation;
  • Flexible work options including a hybrid work model;
  • Focus on wellbeing – year-round initiatives and social engagement activities;
  • Ethical Leadership: A sector leader in cyber security, social responsibility, and equal opportunity;
  • Options to purchase additional Annual Leave;
  • 2 days paid Women’s Wellness Leave per month;
  • 24 weeks paid Parental Leave – Primary Carer;
  • Welcome back to AARNet superannuation payment – on unpaid Parental Leave for Primary Carer;
  • 4 weeks paid Birth Trauma Leave;
  • 24 weeks paid – Adoption Leave;
  • 16 weeks paid Parental Leave – Secondary Carer;
  • 5 days paid – First Nations Cultural Leave;
  • 2 days paid Family Wedding Leave;
  • 24 weeks paid – Foster Carer Leave;
  • 5 days paid – Fertility Leave;
  • 8 weeks paid – Gender Affirmation Leave;
  • Strong Equal Opportunity focus;
  • Modern office environment: Hotdesking system and new facilities;
  • Support your success: A culture and company structure that allows your career to grow with access to leading edge technologies;
  • An opportunity to give back to the academic and research sector.