SOC Analyst II
Volterra
At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.
Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.
About the F5 and Global Cyber Defense Intelligence Team
F5 is a multi-cloud application services and security company committed to bringing a better digital world to life. F5 partners with the world’s largest, most advanced organizations to optimize and secure every app and API anywhere, including on-premises, in the cloud, or at the edge. F5 Global Cyber Defense Intelligence Team (GCDI), is part of F5 CISO function implements security countermeasures, manages enterprise-wide cyber incident response and conduct digital forensic, e-Discovery investigation and providing 24/7 security monitoring to ensure security of F5. The team is looking for highly skilled and talented Security SOC Analyst II, who can help us to support, transform, drive and scale critical Cyber Defense program with in F5.
Position Summary:
As a Security Analyst II you will work closely with a team of Security Engineers, Incident response manager and Cyber threat intelligence team to detect and prevent cyber-attacks across F5. The Analyst will have a strong passion for cyber security and its best standards. Candidate should have strong analytical and decision making, process improvement strategies, mentorship qualities, and organization wide collaboration. Highly organized, super curious, and thrive in an environment where priorities shift fast. This is a security detection/respond team operate on 24/7.
Primary Responsibilities:
Responsible for upholding F5’s business code of ethics and promptly reporting violations of the code or other company policies.
Follow F5’s enterprise information security policies and protect, detect, and remediate information assets from unauthorized access, disclosure, modification, destruction, or interference.
Ability to triage and handle security alerts from SIEM and other security monitoring solutions.
Perform investigations leveraging security platforms such as SIEM, EDR, DLP, Email threats detection solutions and cloud platforms such as Azure, AWS and GCP.
Coordinate and support incident response activities, external attack investigations, Insider threat investigations and digital forensic investigations.
Ability to perform threat hunting for known and unknown threats in F5 environments based on available threat intelligence reports and knowledge of the attackers TTPs.
Ability to apply analytical and technical skills to investigate cyber intrusions, detect malicious activity and potential insider threats, and perform incident response.
Correlate events from multiple log sources to detect and disrupt threat actor by detecting unknown threats.
Ability to work with SOC manager and support in drafting incident analysis report.
Provide timely investigation updates to SOC manager
Ability to prepare process driven playbook/runbook for cyber threat investigations.
Ability to automate cyber response tasks to ensure seamless security operations.
Propose risk mitigating strategies to SOC manager, advise on acceptable mitigating controls and ensure they are documented.
Strong knowledge on cyber investigations, eDiscovery and digital forensics, malware analysis, Network attacks, phishing attacks, cloud attacks, DLP and Web application attacks.
Required Skills & Knowledge:
Over 4+ years of cybersecurity experience within a security operations environment.
Prior experience in working in a large-scale security operation centre preferably in technology industry.
Experience in handling daily operations of the SOC security team, including alert triage, incident response, investigations, and threat management.
Experience with 24/7 security operations centres or cyber-Defense centre
Bachelor’s degree in information systems, MIS or related technical degree and 4+ years of experience in Cyber Security Incident Response /Threat Hunting/Digital Forensics.
Comfortable taking Lead role during security events and incidents
Hands on experience with managing SIEM, SOAR, M365, AAD, Email security, EDR, Cloud SIEM, DLP, CSPM, IAM, PIM, CTI platforms and Net gen Firewalls etc.,
Strong understanding on operating systems: Windows, Linux and/or Mac at a filesystem level and familiarity with MITRE ATT&CK framework.
Detecting anomalous system activities, Lateral movements, living-off-the-land, persistence establishment mechanisms and potential intrusions.
Highly motivated, independently driven with good interpersonal skills, both written and verbal; mindfulness and phenomenal organizational and time management skills.
Ability to research and characterize security threats including crafting right countermeasures.
Demonstrated record of finding and pursuing strategic and complex areas of security research in collaboration with internal and external partners at all levels, to include defining right policies, practices, and countermeasures.
Preferred certifications:
Good to have SANS GCIH, GCIA, SANS GCFA, SANS GCFE, CEH, Blue team certifications or other industry-relevant cyber-security certifications are a plus.
Certified experience related to Incident Response, Threat Hunting, Cloud security or Digital Forensics
Qualifications:
Bachelor’s degree in computer science or information systems, MIS or related technical degree with 4+ years of experience in Cyber Security Operations/ Incident Response /Threat Hunting/Digital Forensics.
Ability to inspire change through effective leadership, communication, planning, and execution.
Capable of translating broad targets and aims into a detailed list, setting priorities for yourself and others, and achieving goals.
Knowledge and ability to delivery organizations to key performance indicators.
Able to clearly communicate sophisticated technical issues to larger audience at varying levels.
Ability to work in a highly collaborative team environment.
Able to read, write, and speak English fluently, including complex technical concepts.
Solid skills in MS Visio, Lucid chart, MS Office apps and with standard professional applications.
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).
Equal Employment Opportunity
It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.