Analyst, C3 SecOps

Difenda Inc.
Oakville, ON
Remote
Full-time
Entry Level
Company Benefits
Flexible Work

About Difenda

Difenda is a Sec-Ops-As-A-Service company that takes a cybersecurity-first, Microsoft-only approach to solving today's toughest cybersecurity challenges. We deliver 24/7/365 security operations, powered exclusively by Microsoft's Security product platform. Difenda was one of the first MSSPs to join the Microsoft Intelligent Security Association (MISA). We are a Microsoft Solutions Partner for Security and a Microsoft MSSP, have achieved MXDR solution status, and hold Microsoft Specializations in Threat Protection and Cloud Security.

At Difenda we relentlessly defend our customers against cyber risks and deliver outcomes through innovative cybersecurity services. Difenda's modular approach to managing security services meets customers where they are in their SecOps journey and helps them scale as they grow. Our customer-obsessed and outcome-driven mission helps customers maximize their Microsoft Security investments and improve ROI. The Difenda Shield goes beyond security tool integration to deliver end-to-end security coverage, providing a consolidated and simplified view of the entire cybersecurity environment.

We are real people with real solutions. Our values guide the way we work with our business partners, within our communities, and with each other. Through passion, humility, accountability, inclusivity, and agility, we have created a diverse community culture where innovation is at our core, people can grow, and success can flourish. Difenda is recognized as a Great Place to Work for Inclusivity, Technology and Today's Youth.

That's the Difenda Difference.

Job Brief

The SOC team is a group of highly valued professionals within the Cyber Command Center (C3) recognized for their dedication to seamless 24x7x365 security incident response. They are an integral component of delivering reliable managed security services.

The SecOps Analyst shall have knowledge of, and experience in, incident response techniques, the incident response life cycle, threat hunting methodologies, malware analysis and threat intelligence. They will perform advanced incident triage and investigation of adversary Tactics, Techniques, and Procedures (TTPs), malicious code, and related capabilities. They provide cyber threat intelligence analysis for briefings and reports. The SecOps Analyst serves as the expert responsible for providing incident response expertise and intelligent technical support to assigned customers.

Key Responsibilities:

The primary focus of the SecOps Analyst is to triage security incidents and eradicate threat actors from enterprise networks along with providing recommendations for remediations. They are responsible for analyzing, identifying and hunting threat actor groups and their techniques, tools and procedures.

Job Responsibilities:

  • Analyze and identify cyber threat activity based on known tactics, techniques, and procedures (MITRE ATT&CK Framework)
  • Analyze host-based and network-based security alerts, responding to potential threats and vulnerabilities
  • Monitor, correlate, identify, analyze, mitigate, manage, track and support processes for all security incidents
  • Investigate intrusion attempts and perform in-depth analysis of indicators of compromise (IoC) from several log sources
  • Perform initial triage on security events populated in the ticketing system, and investigate and escalate these events where applicable
  • Manage security events throughout the incident response life cycle
  • Support the development of advanced Security Information and Event Management (SIEM) rules and alerts that detect adversary tactics, techniques, and procedures, by providing tuning recommendations based on day-to-day monitoring and customer feedback
  • Analyze a variety of security logs (Firewall, EDR, Syslog, Email, CASB, etc.) to determine the impact of a security event and appropriate escalation procedures
  • Coach and support other Threat Hunters to improve Difenda's identification, analysis, breach detection, and response
  • Independently follow procedures to contain, analyze, and eradicate malicious activity
  • Document all activities during an incident and provide leadership team with status updates during the life cycle of the incident
  • Create final incident reports detailing the events of an incident
  • Support the development of processes and procedures to improve monitoring, analysis, detection, incident response times, and overall C3 operations
  • Promote consistent delivery of Security Operations Center services through the habitual capture and reuse of documentation within the SOC knowledge base
  • Foster trust and positively contribute to the Difenda culture by exhibiting open, honest and collaborative qualities in all interactions

Required Skills:

Strong working knowledge of:

  • Intrusion detection, Threat hunting and Continuous Monitoring
  • Incident response life cycle and techniques
  • Network security fundamentals
  • Security technology (Firewalls, IDS/IPS, EDR, etc.)
  • SIEM (Splunk, Microsoft Sentinel, Elastic)
  • Microsoft Defender Security Toolsets
  • MITRE ATT&CK Framework, cyber observables, and indicators of compromise (IoC)

Required Competencies:

  • Ability to quickly learn new and complex concepts
  • Strong analytical skills, problem solving, conceptual thinking and attention to detail
  • Organized, proactive, and requiring minimal management oversight
  • Outstanding written skills for preparing reports and briefings
  • Excellent interpersonal, verbal, and written communication skills across multiple levels of the organization
  • Displays a sense of ownership and exhibits flexibility, resilience, and resourcefulness

Work Experience:

  • 1 year of recent operational security experience (Security Operations Center (SOC), Incident Response, Malware Analysis, IDS/IPS Analysis, etc.)
  • Exposure to security event analysis and threat hunting
  • Experience with Endpoint Detection and Response (EDR) Technologies

Education:

  • Formal education (College or University) in an IT Security related program or working experience in an IT field with additional security related training/education

Certifications:

Existing certifications are an asset. Ongoing certification will be a formal, mandatory requirement upon joining the Difenda team.

  • SC-200: Microsoft Security Operations Analyst
  • SC-400: Administering Information Protection and Compliance in Microsoft 365 or AZ-500: Microsoft Azure Security Technologies