OpenLoop

Powering superior telehealth from end-to-end. #HealingAnywhere

Senior Staff Security Analyst

Security Analyst | Full Time | Remote | Senior | Team 201-500 | Since 2020 | H1B No Sponsor

Location: California | Iowa | Tennessee

Posted: 2 days ago

Seniority: Senior

Bachelor Degree | 10 yrs exp | English | Cloud | Python

Job Description

Senior Staff Security Analyst

OpenLoop

  • AI-assisted security operations. Use AI tools (Claude, copilots, and emerging agentic platforms) as a force multiplier across every part of the job - accelerating triage and investigation, drafting and refining detections, summarizing alerts and incidents, automating repetitive analyst work, and improving the metrics that matter (MTTD, MTTR, dwell time, analyst throughput). Set the bar for how the security team uses AI responsibly in a PHI environment.
  • Threat hunting. Develop and execute hypothesis-driven hunts across endpoints, cloud workloads, identity, and SaaS. Translate hunt findings into durable detections. Utilize AI and automation to turn threat hunting into a powerful, proactive tool.
  • Vulnerability management. Drive the vulnerability lifecycle - discovery, prioritization (risk-based, not just CVSS), remediation tracking, and reporting. Partner with engineering to close real risk fast.
  • Attack surface management. Maintain visibility into our external and internal attack surface across cloud, SaaS, third parties, and acquired entities. Find exposure before someone else does.
  • Incident response and digital forensics. Assist, however necessary, the Lead Incident Responder with investigations and security incidents from triage through containment, eradication, recovery, and post-incident review. Perform host, network, cloud, and memory forensics. Assist with IR playbooks and the evidence chain.
  • Fraud assessment. Drive deep analysis on the source of digital fraud. From payment card to cyber-initiated fraud, understand the how and why on the digital fraud frontier.
  • Cross-functional partnership. Work directly with Engineering, IT, Operations, and Compliance. Translate security findings into clear asks with concrete next steps. Attack problems, not people.
  • Healthcare-specific risk. Apply controls that fit a HIPAA-regulated, PHI-handling environment. Help us move at purposeful speed without breaking what matters.

Job Requirements

  • 10–12 years of progressive experience in security operations, with deep hands-on work across all of: digital forensics, incident response, vulnerability management, attack surface management, threat hunting, and security analytics.
  • Demonstrated ownership of major security incidents end-to-end - you've been the technical lead, not just on the bridge.
  • Working knowledge of cloud security, endpoint detection and response, SIEM platforms, identity providers, and modern attacker tradecraft (MITRE ATT&CK fluency expected).
  • Detection engineering experience — you've written, tuned, and retired detections, and you can defend your choices with data.
  • Scripting and automation proficiency (Python, PowerShell, or similar) — enough to build what you need rather than wait for it.
  • Demonstrated, hands-on use of AI tools (Claude, ChatGPT, GitHub Copilot, or equivalent) as part of day-to-day security work — not just experimentation. You can point to specific examples of how AI changed your throughput, your detection quality, or your time-to-resolution.
  • Clear point of view on AI safety and data handling — especially what's appropriate to send to which tools when PHI, credentials, or sensitive telemetry are involved.
  • Clear written and verbal communication. You can brief an engineer, a clinician, and an executive on the same incident and have all three walk away with what they need.
  • Strongly preferred: Experience in a healthcare, fintech, or other regulated environment with sensitive data handling requirements.
  • Strongly preferred: Working familiarity with HIPAA, HITRUST, or SOC 2 from the operator side — not just the audit side.
  • Strongly preferred: Industry certifications such as GCFA, GCIH, GNFA, GCTI, OSCP, or equivalent demonstrated expertise.
  • Strongly preferred: Experience supporting M&A security integration or multi-entity environments (we operate across several subsidiaries).
  • Strongly preferred: Experience building AI-assisted workflows or automations for security operations (custom prompts, agentic workflows, integrations with SIEM/EDR/ticketing).
  • Strongly preferred: Familiarity with prompt engineering, retrieval-augmented patterns, or building internal tooling on top of LLM APIs.

Benefits

  • Medical, Dental, and Vision plans
  • Flexible Spending/Health Savings Accounts
  • Flexible PTO
  • 401(k) + Company Match
  • Life Insurance, Pet insurance, and more

Related Job Pages

More Security Analyst Jobs


Senior SOC Analyst/Lead

ECS Tech Inc

All candidates must meet the following criteria: Must be a US Citizen, no dual Citizenships. Must be able to secure a Public trust clearance. Must be able to work across multiple programs across the Federal and DOD space. The core values that ECS looks for in an engagement manager include: Teamwork, Respect, Accountability, Integrity, and Leadership.

Full Time | Remote | H1B No Sponsor

Role Description

ECS is seeking a Senior SOC Analyst (SOC Lead) with demonstrated experience supporting the development of processes, procedures, and automations to rapidly ingest, aggregate, correlate, normalize, and analyze event messages to accurately identify and respond to Indicators of Compromise (IoCs). The ideal candidate is a critical thinker and perpetual learner who is excited to solve some of our clients' toughest challenges. To be successful the candidate must have experience working in a mature 24x7x365 Security Operation Center.

Shift schedule: Mon-Friday, 8AM-4PM ET (subject to change)

Responsibilities

  • Provides subject matter expertise for monitoring and managing threats, disseminating information, and handling, responding to, and investigating all incident escalations from the Security Operations Center.
  • Ensures all security incidents are tracked and documented appropriately.
  • Continuously monitors SIEM and on-premises infrastructure/cloud applications for security events, threats, and intrusions, including:
    • SIEM alert queue
    • Phishing email inbox
    • Intel feeds via email and other sources (e.g., US-CERT, MS-ISAC)
    • Incident ticketing queue (Resilient tickets)
  • Ensures the SOC manager stays informed of any issues or incidents.
  • Coordinates with SOC staff to conduct incident/policy violation investigations, report infractions, eradicate/mitigate/remediate Indications of Compromise (IoC), and perform continuous monitoring functions.
  • Leads root cause analysis and post-mortem dialogue after significant events to capture lessons learned and define process or technology improvements.
  • Owns the successful completion of all daily operational processes and procedures.
  • Develops and maintains standard operating procedures (SOPs), technical playbooks, and operational run books to support SOC operations and incident response activities.
  • Conducts follow-up meetings on escalated or noteworthy cases and modifies SOPs and playbooks based on policies, standards, and best practices learned from previous cases.
  • Works in conjunction with SOC and infrastructure management teams to administer and manage the SOC security technologies.
  • Evaluates Common Vulnerabilities and Exposures (CVE) as potential internal/external attack vectors and develops recommendations to eliminate the vulnerability/weakness if present.
  • Works closely with Cyber Threat Intel to provide information on detection patterns for new and upcoming threats.
  • Oversees threat hunting initiatives and reviews hunt reports provided by SOC analysts.
  • Provides training and mentorship to SOC analysts to improve incident handling capabilities.
  • Provides guidance to all internal stakeholders on reporting and visualizations that support SOC goals and objectives to identify and correct gaps.
  • Reconfigures analytic objects (e.g., fields, extractions, tags, event types, lookups, workflow actions, aliases).
  • Develops reports on operational activities to meet SOC and cybersecurity leadership requirements and directives.
  • Provides extensive knowledge of cybersecurity, incident response, and digital forensic analysis, and educates personnel on effective SOC searches, reporting, and visualization development.
  • This role involves a shift work schedule to support our 24/7 operation, including weekends and holidays. Candidates must be flexible in their availability. While we make every effort to accommodate individual preferences, it's essential to understand that specific shift requests are not guaranteed and are assigned based on operational needs.

Qualifications

  • 5+ years of experience in cybersecurity operations and incident response, with at least 3+ years in a SOC environment and 2+ years in a leadership role.
  • Ability to interpret complex cybersecurity topics and effectively communicate or present information to various groups of stakeholders (Executives, SOC, etc.).
  • In-depth knowledge of SIEM technologies (e.g., QRadar, Splunk), EDR (e.g., CrowdStrike), IDS/IPS, malware analysis, and vulnerability management tools (e.g., Tenable).
  • Experience leading and mentoring junior analysts.
  • Experience with two or more analysis tools used in a CIRT or similar investigative environment.
  • Ability to analyze and triage IoCs.
  • Proven understanding of computer and network fundamentals.
  • Ability to perform in-depth research tasks and produce written summaries, including insights and predictions based on an analytical process.
  • Knowledge of current cyber threats, trends, the attack lifecycle, and various Tactics, Techniques, and Procedures (TTPs).
  • Industry-recognized certifications, such as CISSP, CISM, GIAC, or CEH, are preferred.
  • Excellent leadership, written and oral communication skills, and problem-solving skills.
  • Ability to handle high-stress situations with a calm and methodical approach.

Requirements

  • Salary Range: $135,000 - $150,000

Benefits

  • General Description of Benefits

USA Timezones
$135K - $150K / year
Full Time | Remote | Team 1,001-5,000 | H1B No Sponsor

  • Perform first-line monitoring of systems, identifying alerts and suspicious events;
  • Analyze security alerts according to predefined procedures, looking for patterns and correlations;
  • Prepare simple reports on monitoring activities and incidents;
  • Prepare audit and review reports on the security consoles and on technical vulnerabilities;
  • Provide technical support to users, customers, and other teams on items under the SOC's responsibility, and engage support teams when necessary;
  • Respond to low- and medium-complexity incidents;
  • Prepare and maintain documentation of internal SOC processes and of the security consoles;
  • Work on improvements and updates to the environment's security tools.

Brazil

SOC Analyst II

Teltec Solutions

Transforming your business in the face of the challenges of the digital economy with experience, competence, and innovat

Full Time | Remote | Team 201-500 | Since 1991 | H1B No Sponsor

  • Operate and manage the Darktrace Network Detection and Response (NDR) solution dedicated to a Teltec client.
  • Perform continuous monitoring of alerts and detections generated by the platform, conducting initial analysis and enrichment of identified events.
  • Investigate suspicious activities and potential threats identified in network traffic using the analytical capabilities of the NDR solution.
  • Manage and optimize policies, detection rules, exceptions, and tool configurations to ensure maximum operational effectiveness.
  • Support security incident response processes by providing technical evidence, context, and recommendations for containment and remediation.
  • Continuously tune the platform to reduce false positives and improve detection quality.
  • Develop and maintain technical documentation, operational procedures, and playbooks related to the tool's operation.
  • Prepare technical and executive reports including indicators, trends, identified threats, and recommendations for improving the monitored environment.
  • Serve as the technical focal point for the client on NDR-related matters, leading operational and technical alignment meetings.
  • Support continuous improvement initiatives by proposing new detections, use cases, and monitoring strategies to increase visibility and security maturity.
  • Collaborate with SOC, MDR, Network, and Infrastructure teams to investigate, validate, and handle security events identified by the platform.

Brazil

Role Description

Systems engineer or related field, who will provide support to specific clients, assisting with the review and modification of monitoring rules, and handling and presenting reporting to our clients.

  • Investigate events and incidents reported by the SOC team to gather evidence and analyze security alerts thoroughly and consistently so they can be reported to the client.
  • Identify common false positives and make suggestions for tuning the detection platforms with the goal of reducing alert fatigue.
  • Tune detection rules and build use cases for detecting threats and malicious behavior on the SOC's detection platforms.

Qualifications

  • 1 year as a junior-level SOC Specialist, or experience equivalent to the position.
  • Systems engineer or related field.

Requirements

  • CSAL - Certification SOC Analyst Level 1
  • IC - Introduction to Cybersecurity
  • ICF - IT and Cybersecurity Foundations
  • Security+ is desirable, as are other certifications the candidate may hold.
  • Intermediate English.

Guatemala