SOC Analyst I


<p>The Sentinel Blue Security Operations Center (Overwatch Team) is seeking a SOC Analyst I to serve as the first line of defense against cyber adversaries, responsible for real-time monitoring, initial triage, and root-cause analysis of security events.</p>
<p>Here, we do more than react. <em>We engage</em>.</p>
<p>We are seeking a proactive analyst who is eager to investigate suspicious alerts, sift through the noise and correlate data, validate threats, and prioritize remediation.</p>
<p>The ideal candidate has a desire to learn, improve, and foster team collaboration. In this role, there is opportunity for growth beyond mere ticket closure, gaining exposure and skills in other cybersecurity domains (i.e., Threat Intelligence, Threat Hunting, Digital Forensics and Incident Response (DFIR), Vulnerability Management, and Detection Engineering).</p>
<p>This is a full-time, entry-level position – perfect for recent graduates or those pivoting into cybersecurity for experience, who demonstrate a keen interest in the field. Must be open to and willing to work a shift schedule.</p>
<p>You will be surrounded by a passionate team and culture that takes pride in our work, our core values, and a pursuit of excellence in protecting our clients’ data and assets in a multi-tenant cloud environment.</p>
<p><em>*This is a full-time position that is fully remote. <strong>Due to the nature of our work, you must be a U.S. citizen with eligibility for a clearance. No exceptions.*</strong></em></p>
<p><strong>What We Can Offer:</strong></p>
<p>Sentinel Blue is a young company with a focused mission: we’re bringing enterprise-class cybersecurity to small and medium-sized businesses. Frankly, we’re pushing the envelope of how things are done and constantly seeking innovative ways to meet that mission. The pace is fast, and we’re always learning new things. This is a great place if you want to expose yourself to new and emerging technologies, want to be challenged, and want to build your skills. Further, success in this role can quickly transition into a team leadership role. The right person will find themselves in a fun, dynamic environment, working on interesting problems and making a real difference.</p>
<p><em>You will be required to achieve a Security+ certification in the first 2 months of hire; we’ll cover your certification costs and provide paid time for you to study!</em></p>
<p><strong>Requirements:</strong></p>
<ul>
<li>U.S. citizenship: by the nature of our work with the defense industry, all employees must be eligible for a Secret clearance.</li>
<li>Minimum of 0-2 years of experience in a Security Operations Center and/or a combination of experience in IT Support, Networking, or System Administration.</li>
<li>CompTIA Security+ certification is required within the first 2 months of hire.</li>
</ul>
<p><strong>Job Duties and Responsibilities:</strong></p>
<ul>
<li>Continuously monitor the Security Information and Event Management (SIEM) dashboard and leverage security tools to detect potential security incidents and anomalies in real time.</li>
<li>Analyze incoming alerts to determine their relevance and urgency; effectively distinguish between false and true positives to prioritize response efforts.</li>
<li>Conduct investigations by gathering context and other relevant logs to understand the scope of an alert.</li>
<li>Strictly adhere to established Service Level Agreements (SLAs), Incident Response (IR) playbooks, and Standard Operating Procedures (SOPs) to ensure consistent and compliant handling of security events.</li>
<li>Create, update, and manage tickets in our case management system, ensuring all investigative steps, communications, and findings are thoroughly documented.</li>
<li>Identify and escalate complex or high-severity incidents to Tier II or the Incident Response Team, providing clear details and a comprehensive summary of initial findings.</li>
<li>Perform basic remediation actions, such as blocking indicators and isolating compromised hosts, when authorized by SOPs or directed by senior personnel.</li>
<li>Demonstrate excellent verbal and written communication skills when communicating with team members, clients, and/or stakeholders.</li>
<li>Contribute to the team’s knowledge base, creating or updating articles, SOPs, and/or playbooks when new trends or resolution methods are identified.</li>
</ul>
<p><strong>Knowledge and Skills:</strong></p>
<ul>
<li><strong>Log Analysis:</strong> Familiarity with and ability to parse different types of logs (identity, network, firewall, web proxy, Sysmon, Windows Events, etc.) to look for Indicators of Compromise (IOCs).</li>
<li><strong>Operating Systems:</strong> Familiarity with Windows, macOS, and Linux.</li>
<li><strong>Phishing Analysis:</strong> Evaluate header information, authentication protocols, malicious URLs and attachments, and inspect content for signs of social engineering and/or spoofing.</li>
<li><strong>Threat Enrichment:</strong> Utilize Open Source Intelligence (OSINT) tools and internal threat intel feeds to check the reputation of suspicious file hashes, IP addresses, domains, and URLs.</li>
<li><strong>Frameworks:</strong> Understanding of the MITRE ATT&amp;CK Framework and Cyber Kill Chain stages.</li>
<li><strong>Networking:</strong> Knowledge of common ports, OSI and TCP/IP models, key protocols (TCP/UDP, DNS, HTTP/HTTPS), network segmentation, packets, VPNs, and firewalls.</li>
<li><strong>Basic Malware Analysis:</strong> Understanding of static and dynamic analysis of malicious files.</li>
<li><strong>Basic Cryptography:</strong> Ability to identify the type of base encoding and cipher scheme in use, and an understanding of hashing, digital signatures, and encryption/decryption.</li>
<li><strong>Reporting:</strong> Ability to explain and translate technical findings or concepts to a general audience.</li>
<li><strong>Common Attacks:</strong> Ability to recognize the tactics, techniques, and procedures (TTPs) of common attacks, such as credential attacks, malware, phishing, ransomware, insider threat, Denial-of-Service, code injection, etc.</li>
<li><strong>Querying and Scripting:</strong> Familiarity with and ability to use query languages (e.g., Kusto Query Language) and/or PowerShell.</li>
</ul>
<p><strong>Desired Qualifications:</strong></p>
<ul>
<li>Associate’s or Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related technical field.</li>
<li>CompTIA Security+, GIAC Security Essentials (GSEC), Security Blue Team Level 1 (BTL1), and/or Microsoft Security Operations Analyst (SC-200).</li>
<li>Professional portfolio of projects, e.g., GitHub, article write-ups, home labs, etc.</li>
<li>Participation in Capture-the-Flag (CTF) competitions, hackathons, or bug bounties, and/or a high ranking on a platform (e.g., top 10% in Hack the Box).</li>
</ul>
<p><strong>Benefits:</strong></p>
<ul>
<li>Fully paid individual healthcare, vision, and dental insurance for the employee.</li>
<li>Paid certification and training opportunities.</li>
<li>Three weeks of paid vacation + 10 paid holidays.</li>
<li>A supportive environment with a focus on keeping a healthy work-life balance.</li>
<li>Retirement benefit (401k) with company match.</li>
</ul>
