
Security Operations Centre (SOC) Analyst (Stream 3 - IT Security)

Education & Experience

A - Successful completion of a post-secondary degree in Computer Science, Systems Engineering or related field, from a recognized academic institution;

And

B - A minimum of three (3) years professional work experience in the Information Technology (IT) field, of which two (2) of the last five (5) years must be directly related to the development of information security solutions and/or the analysis of information security event logs.

OR

A - Successful completion of a two (2) or three (3) year college diploma in Computer Science, Systems Engineering or related field, from a recognized academic institution;

And

B - A minimum of five (5) years professional work experience in the IT field, of which three (3) of the last five (5) years must be directly related to the development of information security solutions and/or the analysis of information security event logs.

OR

A minimum of eight (8) years professional work experience in the IT field, of which four (4) of the last six (6) years must be directly related to the development of information security solutions and/or the analysis of information security event logs.

Roles and Deliverables could include but are not limited to:
The SOC Analyst is responsible for providing advanced security analysis. Duties could include:

  • Provide advanced analysis support for all data mining activities.
  • Determine the appropriate course of action for events of interest.
  • Build use cases in support of the incident management practice and business requirements.
  • Configure use cases to support incident management practices.
  • Automate security responses and integrate/coordinate the activities responsible for managing vulnerabilities in ArcSight-monitored environments.
  • Track threats and vulnerabilities to the security information and event management (SIEM)-monitored environments.
  • Maintain detailed information about monitored systems, networks and information flows throughout monitored environments.
  • Maintain documentation to support security operations.
  • Track and document changes to monitored environments.
  • Maintain documentation and diagrams, supporting all information flows, within monitored environments.
  • Maintain a list of assets located within monitored environments.
  • Identify and track the criticality, confidentiality and owner of each network and system.
  • Maintain and configure the SIEM solution to support incident management with the SOC.
  • Follow standard operating practices for developing content within the SIEM solution.
  • Configure the SIEM solution with the appropriate asset data and information classification.

Specialties could include but are not limited to:

  • Microsoft, Unix and Linux OS
  • Network protocols including TCP/IP, UDP/IP
  • Application network protocols including DNS, SMTP, HTTP, etc.
  • Forensic ITS investigations
  • Intrusion detection systems

Copyright 2005 - 2011 The Devon Group Ltd. All Rights Reserved.