Job Purpose
The Security Operations Centre team at CPX is a cross-functional Operations/ Engineering team involved at all phases of our application and service release lifecycle that embraces the SecOps communication, collaboration, and integration method. The Senior Security Analyst is responsible for leading security monitoring efforts, analyzing various log sources, responding to security incidents, and enhancing the overall security operations program within elements of CPX/Client technology.
Key Responsibilities
- Lead and coordinate incident response activities, including triage, containment, eradication, and recovery.
- Perform in-depth investigations of security incidents using forensic and analytical tools to determine root causes and attack vectors.
- Develop, maintain, and enhance incident response playbooks and procedures, aligning them with industry standards and best practices.
- Collaborate with CPX clients and internal teams to define and improve incident response protocols and provide expert guidance during incidents.
- Deliver post-incident reviews, root cause analysis, and detailed incident reports with actionable recommendations.
- Continuously monitor cybersecurity trends, threat intelligence, and emerging threats to strengthen detection and response strategies.
- Facilitate tabletop exercises, simulations, and training sessions to boost incident response readiness across teams.
- Validate escalated alerts from Tier 1 SOC Analysts and perform second-level analysis and triage of critical security incidents.
- Identify vulnerabilities in software, hardware, and network infrastructure and provide mitigation strategies.
- Analyze and communicate risks and threats to stakeholders in a clear and actionable manner.
- Coordinate with stakeholders to verify and respond to high-severity alerts and ensure timely resolution.
- Investigate log files, network traffic, and system artifacts to identify indicators of compromise and attacker activity.
- Monitor external intelligence sources (e.g., Threat Intelligence feeds, AE-CERT) to assess threat impact and relevance.
- Conduct threat hunting and data correlation across diverse data sources to detect advanced persistent threats.
- Provide recommendations for SIEM content development, tuning, reports and dashboards.
Skills & Knowledge
- Related security certifications (i.e. CCNA, Network+, Security+, Azure Sentinel, CISSP, CISM, GICSP, GCIH, GCIA, GRID)
- Min 8-10 yrs. experience one or more of the following:
- Skilled in identifying trends and patterns from analysing host-based, network-based security logs
- Used network investigation tools such as Wireshark, and any other open-source tools such as ELK, Rekall, Ghidra, FlareVM, to analyze log sources/memory/malware to understand intrusion vectors and attacker tactics, techniques and procedures
- Provide support and guidance to improve security requirements for the security operations
- Experience with Windows/Linux/Unix, understanding of NIDS/HIDS
- Monitoring of SIEM alerts with tools such as Splunk and EDR solutions
- BS or MS in Information Security / Computer Science / Electrical Engineering or related field
Characteristics
- Excellent communication skills: written, verbal, and interpersonal.
- Strong team player with a customer service orientation, ability to forge relationships at all levels of the company and across diverse cultures.
- Ethical, honest, fair, and with high integrity.
- Excellent organizational and time management skills required.
- Exhibits ownership of projects and assigned tasks.
- Has an in-depth understanding of the incident response process, analysis, alerts, rules, etc.
- Highly analytical, strong problem-solving skills, and ability to thrive in an energetic, fast paced, high growth security team environment.
- Must be able to pass all security clearances
- Quickly owns and handles tasks accurately, highly dependable, and self-motivated.
