Security Operations Center (SOC) Analyst II (1st Shift)
Blue Cross Blue Shield of Arizona is a local, independent licensee of the Blue Cross Blue Shield Association and a not-for-profit health insurance company headquartered in Phoenix. Founded in 1939, the company has more than 1,800 dedicated employees throughout its Phoenix, Tucson, Chandler and Flagstaff offices. Providing health insurance products, services and networks to more than 1 million Arizonans, Blue Cross Blue Shield of Arizona offers various health plans for individuals, families, and small and large businesses. Blue Cross Blue Shield of Arizona also offers Medicare supplement plans to individuals over age 65.
Blue Cross Blue Shield of Arizona helps to fulfill its mission of improving the quality of life of Arizonans by delivering a variety of health insurance products and services to meet the diverse needs of individuals, families, and small and large businesses as well as providing information and tools to help individuals make better health decisions.
Purpose of the Job
The SOC Analyst is part of a team that provides 24x7 security monitoring and incident handling. This includes monitoring, reporting, tracking, and, where applicable, coordination and escalation of security events. The SOC Analyst is responsible for providing effective security monitoring and incident response through triage, investigation, communication, and reporting; performs real-time log analysis to protect the network and its data; and evaluates the type and severity of security events using packet analysis and an in-depth understanding of exploits and vulnerabilities. The analyst works in a team environment and monitors the health of the network and security devices within the SOC.
Essential Job Functions and Responsibilities
Level 1 - Performs job functions under close supervision or peer review
- Obtain a security certification within the first year of employment.
- Collaborate with IIS engineering staff to ensure effective and reliable operation of security software and systems for fulfilling business objectives and processes using a varied and evolving toolset.
- Work in partnership with other development, infrastructure and IIS engineering teams to recommend ways to minimize or remediate vulnerabilities.
- Provide analysis and trending of security log data from a large number of heterogeneous security devices
- Provide Incident Response (IR) support when analysis confirms actionable incident
- Investigate, document, and report on information security issues and emerging trends
- Integrate and share information with other analysts and other teams
- Assess and maintain the IT security posture of BCBSAZ by applying data collected from security and other monitoring tools to the BCBSAZ enterprise
- Research, analyze, track and resolve, often in partnership with other IT teams, security alerts, notifications and incidents.
- Perform/assist with security audits and processes in accordance with broader IT and corporate strategies.
- Assist with, coordinate, and perform tests for modified and new systems.
- Monitor and test system behaviors; prepare and deliver system performance statistics and reports.
- Participate in a variety of security related projects as technical or educational resource
- Review and analyze violation reporting with follow-up as necessary.
- Other duties as assigned
Level 2 - Performs job functions with general supervision
- Evaluate security risk assessments of new systems and upgrades to determine impact to information security
- Weigh business needs against security concerns and articulate issues to management.
- Participate in addressing on-going security needs as part of system/software development processes.
- Facilitate and/or create new procedures and processes that support advancing technologies or capabilities.
- Evaluate high-level project information and assess project components to forecast work effort required
- Provide threat and vulnerability analysis as well as security advisory services
- Identify opportunities to improve procedures and processes that support the adoption of electronic capabilities
- Participate in or lead small- to medium-scoped projects
Level 3 - Performs job functions with minimal supervision
- Act in leadership role in guiding security incident response efforts as they occur.
- Serve as primary operational contact for internal / external customers when needed or in absence of Manager
- Ensure Service Level Agreements between department and operational or technical areas are met
- Provide peer-level review and mentoring to level 1 and 2
- Participate and/or lead large- or complex-technical projects
- Lead, develop and mentor staff by providing opportunities for growth through delegation, training, and assignment to various project teams
- Inform the manager of any issues impacting the efficient and effective performance of the department, including system, resource, and informational barriers; provide timely feedback to team members on performance
- Assist the manager in the day-to-day operations of the department
- Each progressive level includes the ability to perform the essential functions of any lower levels and mentor employees in those levels.
- The position requires a full-time work schedule. Full-time is defined as working at least 40 hours per week, plus any additional hours as requested or as needed to meet business requirements.
- Perform all other duties as assigned.
- Participate in on-call rotation
BCBSAZ does not discriminate in hiring or employment on the basis of race, ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other protected group.
Skills / Requirements
Required Work Experience
- Experience in information technology or computer systems
- Experience in a SOC or comparable InfoSec position
- Experience in project management
- High-School Diploma or GED in general field of study (All Levels)
Preferred Work Experience
- 5 - 15 years of experience supporting enterprise system solutions
- 3 - 5 years of experience working in a SOC
- 3 - 5 years of experience supporting high-level production system environments with a security emphasis
- Bachelor’s Degree in Computer Science, Information Systems, Business, or related field (All Levels)
- SANS GIAC Certified Enterprise Defender (GCED), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), ISC2 Certified Cyber Forensics Professional (CCFP), EC-Council Certified Security Analyst (ECSA), Certified Network Defender (CND), Certified Information Systems Security Professional (CISSP), CompTIA Security+, or any security-related certification.
Required Job Skills (Applies to All Levels)
- Experience with IPS/IDS tools, antivirus software, and web filtering software; familiarity with attack methodologies (identification and remediation) and with security domains and strategies.
- The ability to work across team boundaries to help secure the compute environment by designing system configuration; defining, documenting, and enforcing system security standards.
- The role requires a knowledge of cyber security fundamentals as applied at an enterprise level.
- Maximize system and application security by monitoring application, network, and general system events; researching system and application events and patterns; and collaborating with supporting IT server, network, storage, DBA, and development personnel.
- Enforce policies and define and monitor standards and methodologies, often in collaboration with other IT teams.
- Updates job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Accomplishes information systems and organization mission by completing related results as needed.
- Report system and application operational status by gathering and prioritizing information; manage projects
- Automation and Scripting skills
Required Professional Competencies (Applies to All Levels)
- Strong analytical skills to support independent and effective decisions
- Ability to prioritize tasks and work with multiple priorities, sometimes under limited time constraints.
- Perseverance in the face of resistance or setbacks.
- Effective interpersonal skills and ability to maintain positive working relationship with others.
- Verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts.
- Systems research and analysis skills, and the ability to write and present information security training documentation
- Demonstrate the ability to stay current on global threats and vulnerabilities.
- Knowledge of business requirements development and user acceptance testing.
- Maintain confidentiality and privacy
- Analytical knowledge necessary to generate reports based on available data and then make decisions based on reported data
Required Leadership Experience and Competencies
- Ability to build effective working relationships with a diverse team in an ever-changing environment
- Facilitate and resolve customer requests and inquiries for all levels of management within the Corporation
Preferred Job Skills (Applies to All Levels)
- Strong knowledge, including hands-on experience with a variety of security monitoring and analytical tools.
- Excellent knowledge of systems monitoring, monitoring concepts, monitoring implementation and reporting.
- Scripting/coding skills
- Ability to perform data analysis: reading, aggregating, and interpreting log data from multiple tool sets.
- Advanced skill in use of office equipment, including copiers, fax machines, scanners, and telephones.
- Advanced experience with NIST Standards, ISO 27002/BS7799 and COBIT.
- Advanced knowledge of Microsoft Applications and Suites, Windows Server, SharePoint, and Microsoft SQL databases.
Preferred Professional Competencies (Applies to All Levels)
- Advanced systems research and analysis expertise
- Ability to build lesson plans and deliver lessons to junior team members.
- Solid project management skills
- Solid technical ability and problem solving skills
Preferred Leadership Experience and Competencies (Applies to All Levels)
- Mentor junior information security members on the concepts of information security