Tier Two SOC Analyst
Req #: JR - 013522
Location: Guadalajara, Jalisco, Mexico
Job Category: Information Technology
Date posted: 12/27/2019
Are you looking for a career that matters?
We believe every person deserves a chance for a healthy life, free from illness and full of possibility. We see a world full of healing, with viable care options available to those with limited choices today. We envision new ways of providing physicians, pharmacists and nurses with technologies that not only treat chronic diseases, but also work to prevent them. We’re looking for team members who are motivated to learn, grow and innovate, while making a meaningful difference for millions of people around the world.
Learn more about how Baxter is At the Intersection of Saving and Sustaining Lives.
Tier Two SOC Analyst
Baxter is an 85-year-old global healthcare solutions company focused on saving and sustaining lives. Our products touch the lives of millions of people around the world every day. The Tier Three SOC Analyst is a member of a Global 24X7 Security Monitoring and Incident Response Team (GSMIR) responsible for monitoring and responding to cyber security incidents occurring in offices, lab environments or production plants around the world. The GSMIR team uses a blend of leading security tools to monitor for suspicious activity and perform investigations to determine if a security incident has occurred. This team works closely with our Offensive Security Team, System owners and other IT staff around the world to further cyber security incident investigations in addition to coordinating containment and remediation efforts.
The primary purpose of this position is to prioritize and coordinate investigations within their shift on the IR team in addition to providing a higher level of cyber security technical skills and understanding to the security monitoring, investigation and incident response processes. This position requires shift work and on-call duties in support of 24X7 coverage for global security monitoring and incident response. Overtime could be necessary to support activities during crisis situations.
Duties and Responsibilities
- Responsible for working in a Security Operation Center (SOC) environment;
- Requires shift work and on-call duty;
- May require overtime during crisis situations;
- Responsible for analyzing network traffic to identify anomalous activity and potential network threats;
- Responsible for performing event correlation using information from a variety of security tools;
- Responsible for triaging and investigating security events using multiple security tools to determine if a security incident has occurred;
- Responsible for escalating security incidents appropriately for support or remediation;
- Responsible for communicating and coordinating with GSMIR team members, leadership and other Baxter technology teams around the world in support of further investigation and remediation efforts;
- Responsible for documenting security event and incident investigation findings;
- Responsible for providing Incident Response (IR) support when analysis confirms actionable incident;
- Responsible for completing daily summary reports;
- Coordinate and guide L1 analysts and the workflow of investigations;
- Mentor and train L1 analysts;
- Work with the Security Monitoring & Incident Response Global Team Leader to align the IR team with strategic Information Security efforts;
- Coordinate resources with other Baxter Security Operations Teams to further investigations;
- Provide use case tuning and development;
- Ability to handle communications with Security Operations Leadership and the Baxter Incident Coordinator;
- Assemble relevant reporting and structured communications;
- Other duties as assigned.
Qualifications
- Bachelor's degree in a related field or equivalent demonstrated experience and knowledge;
- 7+ years of experience with cyber security incident investigations;
- Competent understanding of various security methodologies and processes, and technical security solutions (firewall, intrusion detection systems, email security solutions, & endpoint security solutions);
- Proficient in TCP/IP Protocols, network analysis, and network/security applications;
- Competent understanding of common malware attacks, tactics, command & control strategies;
- Must work well in a team environment;
- Must have SIEM experience;
- Ability to multi-task, prioritize, and manage time effectively;
- Strong attention to detail;
- Excellent interpersonal skills and professional demeanor;
- Excellent English verbal and written communication skills;
- Excellent customer service skills;
- Excellent in Microsoft Office Applications;
- Basic understanding of Email architecture and header data;
- Industry certifications nice to have: OSCP, GCIH, GCIA, GCFE, GREM, GCFA, GSEC, CEH, CISSP, CISM.
Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please send an e-mail to Americas_TTA@baxter.com and let us know the nature of your request along with your contact information.