Security Operations Center Analyst – Tier III (SOC)

Description

 Position Title: Security Operations Center – Tier III  (P4)

Company Summary 

Crown Castle is the nation’s largest provider of shared communications infrastructure: towers, small cells and fiber. It all works together to meet unprecedented demand—connecting people and communities and transforming the way we do business. Whenever you make a call, track a workout or stream music and videos, we’re the ones providing the communications infrastructure that makes it all possible. From 5G and the internet of things to drones, autonomous vehicles and AR/VR, we enable the technologies that help people stay safe, connected and ready for the future.   Crown Castle is publicly traded on the New York Stock Exchange (CCI), is part of the S&P 500 and is one of the largest Real Estate Investment Trusts in the US.       

We offer a total benefits package and professional growth development for teammates in any stage of their career. Along with caring for our teammates, we’re an active member in the communities where we live, work and do business. We have a responsibility to give back, which we do through our Connected by Good program. Giving back allows us to improve public spaces where people connect, promote public safety and advance access to education and technology. 

Role

Under the leadership of the Manager, Security Operations Center (SOC), the SOC Analyst – Tier 3 (SOC3) will ensure delivery of the highest level of service in the support of conducting security event monitoring and analysis as well as incident response. Responsibilities will include the day-to-day (24×7) operations to include the application of analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats, and perform incident response. The SOC3 will also work other SOC and threat management staff with development and enhancement of existing detection and response capabilities including creation of SIEM content, IDS rules, SOP documentation, and implementation of security platform controls and incident response methodologies.

Essential Job Functions

  • Perform operational ‘eyes on glass’ real-time monitoring and analysis of security events from multiple sources including but not limited to events from SIEM monitoring tools, network and host-based intrusion detection systems, firewall logs, system logs (Unix & Windows).
  • Conduct active and passive analysis of network traffic, operating systems, and host activity across all technologies and platforms, through security tools and sandbox environments.
  • Perform incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.
  • Design, deploy, and validate automations.
  • Design, deploy, and validate security configurations.
  • High understanding of processes related to threat correlation and mitigation.
  • Process SOC tickets as well as assist in processing IT Security Help desk tickets.
  • Responsible for responding to security incidents (malware infections, unauthorized access, malicious emails, DDoS attacks) and elevating to Threat Management team as needed.
  • Analyze security event logs and alerts to determine validity, priority and impact against both security threat best practices and corporation policies.
  • Evaluate the type, nature and severity of security events with a range of security event analysis tools.
  • Works with Senior Enterprise Security staff as well as the Computer Security Incident Response Team on a day-to-day basis.
  • Experience leading as an Incident Response Commander
  • Documenting security investigations through standard procedures:
    • Recording full SOC Analyst response through remediation actions
    • Completing a security AAR
    • Completing a risk assessment as required
  • Experience organizing and conducting Threat Hunting campaigns.
  • Assist in defining and maintaining protocols and maturing ‘playbooks’ of operational response to cyber threats.
  • Develop and maintain policies, processes, and procedures to ensure reliable and effective SOC operations.
  • Collaborate across organizational lines and develop depth in cyber security discipline and technologies

Education/Certifications

  • Bachelor’s degree in IT or Computer Security or comparable years’ experience.
  • Have or working towards at least one of the following certifications: CISSP, CCE, PMP, GSEC, CCNA Cyber Ops, CISF-GIAC Information Security Fundamentals, CISM, CRISC, Security+, CEH and GISF

Experience/Minimum Requirements

  • 5+ years of experience in IT Security monitoring
  • Tier 3 incident response experience
  • Experience in SIEM event auditing, log review, threat hunting, and incident response
  • IT experience in SIEM with a concentration on Linux. Windows and Linux System administration preferred
  • Monitor and access applications, systems, and tools that retain all or some data related to customers, financial information, or personally identifiable information (PII). Subject to local and state eligibility, a pre-employment background check will be conducted for criminal convictions, including misdemeanors and felonies related to fraud or violence. A credit check may also be conducted. 

 Other Skills/Abilities

  • Demonstrates a profound sense of ethics, integrity, and confidentiality
  • Finds common ground and viable solutions to complex problems in a compelling manner while maintaining a professional composure
  • Influences across a diverse discipline in a collaborative, risk aware manner
  • Organized, responsible and highly thorough problem solver
  • Proven ability to create and build new processes
  • Great verbal and written communication skills and attention to detail
  • Self-starter who can work independently as well as in a team setting
  • Works well with people from different areas of the business
  • Ability to simplify complex technical topics
  • Ability to learn, understand, and apply new technologies
  • Ability to design and implement effective policies to achieve consistent team results.
  • Demonstrates a “learning agility” to remain current in subject matter expertise
  • Experience documenting enterprise security events
  • Navigate ambiguity; Is adaptable to, and champions change
  • Giving and receiving effective feedback across all interactions                              

Organizational Relationship

Reports to:  Manager, Security Operations Center

This is a remote role with the expectation of on-site/in-person collaboration with teammates and stakeholders for moments that matter and may require up to 5% travel.

The hiring range offered for this position is $106,160 – $132,700 annually. In addition to salary, employees are eligible for an annual bonus of up to 20% of annual salary and restricted stock. Employees (and their families) are eligible for medical, dental, vision, and basic life insurance. Employees are able to enroll in our company’s 401k plan. Employees will also receive 18 days of paid time off each year and 12 paid holidays throughout the calendar year.

Pursuant to the Los Angeles County and San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records


Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)