Security Operations Center Analyst

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. In order to address the most critical needs of our clients, RSM US LLP established the Cyber Risk and Data Protection group, comprised of more than 170 professionals dedicated exclusively to serving the cybersecurity needs of our clients. This group includes experienced consultants located throughout the United States and Canada dedicated to helping clients with preventing, detecting, responding and recovering to security threats that may affect their critical systems and data. We serve a diverse client base within a variety of industries, and we are relied upon to provide expertise across the full suite of security and privacy capabilities including managing the daily activities associated with our clients’ security operations. We are seeking individuals with an interest in working in the field of cybersecurity and a desire to help organizations improve their operations to join our team and help run the ongoing security operations for RSM clients in a variety of industries and geographic locations. Successful candidates will have working knowledge in some or all of these areas – IT operations, security monitoring, Active Directory, Cloud technologies. At RSM, analysts work with large and small companies in variety of industries. They develop strong working relationships with their peers within the security operations center (SOC) while learning their clients’ businesses and challenges facing their organizations. Analysts work as part of a broader team under the direction of more senior analysts, shift leads and SOC managers in support of multiple clients. Working in a mutually respectful team environment helps our analysts perform at their best and integrate their career with their personal life. You will have the opportunity to: Investigate security incidents using SIEM tools, automation and other cybersecurity technologies (i.e ServiceNow, Stellar Cyber, SentinelOne, Microsoft Defender for Endpoint, ELK Stack, Virustotal, Passive DNS) Analyze, escalate, and assist in remediation of critical information security incidents Improve and challenge existing processes and procedures in a very agile and fast-moving information security environment Process IDS alerts and identifying incidents and events in customer data. Setup and execution of vulnerability scans (Tenable/Nessus) Read/interpret outputs from vulnerability scans Perform initial analysis and investigation into alerts as they are seen Performing initial basic malware analysis utilizing automated means (static and dynamic sandbox analysis or other available tools) Incident intake, ticket updates and reporting of cyber events and threat intelligence Understanding, identifying and researching indicators of compromise (IOCs) from a variety of sources such as threat intelligence reports and feeds Writing incident reports, process documentation, and interact with customers if needed. Transcribe and implement atomic indicators into a monitoring environment. Consume policy documentation and determine applicability in a network. Work with protocols at layers 2 and higher in the OSI model, to include ARP TCP, UDP, ICMP, DNS, Telnet, SSH, HTTP, SSL, SNMP, SMTP, and other common protocols that use well-known ports. Open to working shifts in a 24x7 operations environment