Description:
Cybersecurity SOC Analyst
About Your Role
As a member of Fiserv’s Cybersecurity Incident Response Team (CSIRT), you will support investigation and response activities for cybersecurity events across the global enterprise environment. You will focus on the preliminary identification, triage, and analysis of potential cyber security incidents and review suspicious emails, analyze logs, investigate network traffic and endpoint activity, and escalate confirmed incidents to Tier 2 incident handlers. You will be required to work in a shift which includes work on holidays, nights, & weekends.
What You Will Do
- Monitor and triage security alerts and events generated by enterprise security tools, escalating validated or high-risk activity in accordance with established playbooks and service level targets.
- Perform initial investigation of suspicious activity across endpoint, network, identity, email, cloud, application, and system log sources.
- Analyze and investigate data in the SIEM/SOAR that originated from EDR, firewall, proxy, intrusion detection/prevention, email security, and other monitoring platforms to determine severity, impact, and required response actions.
- Document investigations, findings, actions taken, and escalation details in the case management system with clear, complete, and timely notes.
- Follow shift handoff procedures and communicate open issues, emerging threats, and significant events to team members and incident handlers.
- Contribute to continuous improvement by identifying recurring false positives, process gaps, and opportunities to improve alert quality, runbooks, and analyst efficiency.
- This position requires the ability to work a shift schedule and support coverage efforts on a 24x7x365 (follow-the-sun model) basis which includes work on holidays, nights, & weekends.
What You Will Need To Have
- 1-2 years experience in cybersecurity operations, incident response, security monitoring, IT operations, networking, or a related enterprise technology environment.
- Ability to support a 24x7x365 operating model, including day, evening, weekend, or holiday shifts as assigned.
- Foundational knowledge of network protocols, operating systems, enterprise architecture, and common log sources used in security investigations.
- Basic understanding of incident response processes, alert triage, threat indicators, and cyber security attack techniques.
- Ability to prioritize work, follow documented procedures, and make sound decisions in a fast-paced operational environment.
- Self-motivated, Detail-oriented, and able to collaborate effectively as part of a cross-functional team in a fast-paced, high-impact operational environment.
- Strong critical thinking skills, strong puzzle-solving ability and an investigative mindset to analyze complex activity, connect related indicators, and identify potential security incidents.
- Bachelor’s degree in cyber security, information technology, computer science, or a related field preferred; equivalent practical experience may be considered.