SOC Analyst – Sydney

About Us

Cloudtrace specializes in providing offensive and defensive cyber security services for public cloud environments. We are an AWS, Azure and GCP consulting partner and are accredited by the PCI Security Standards Council as a Qualified Security Assessor Company (QSAC). Our service offerings include penetration testing, red teaming, managed security services, digital forensics and incident response.

The Role

We are looking for a SOC Analyst to become part of our rapidly expanding team protecting our clients from cyber security threats. This is primarily a blue team role with additional exposure and involvement to penetration testing techniques and tools in order to validate security exposures detected by our attack surface management platform.

Our philosophy is that solid defense requires intimate knowledge of offensive tactics, with our managed security service designed to ensure our analysts are across the latest attack techniques. This approach, combined with our cloud security expertise allows us to provide our clients with the highest level of protection for their digital assets.

You will get the opportunity to work with government, start-up and enterprise clients as part of a passionate and experienced security team; You will also be provided with training and support for Offensive Security Certified Professional (OSCP) certification if that is not yet held.

Note: As we offer 24/7 services this role will require shift work that will occasionally fall on Weekends and Public Holidays. Shifts in your time zone will generally cover extended day time hours, with night shifts performed by our overseas teams. 

Your Responsibilities

We monitor our client’s systems both internally and externally to ensure we provide proactive response to potential security issues and detect any threats that have breached security controls.

A best of breed cloud-based SIEM is used to ingest and analyze events from client environments, in which we use our cloud security knowledge in conjunction with the MITRE ATT&CK® Cloud Matrix to detect attacks from highly skilled adversaries. In this roll you will respond to alerts within our established SLAs and investigate complex attack chains to ensure breaches are rapidly discovered and contained.

Our attack surface management service includes hourly reconnaissance and exposure testing across our client internet attack surface. Using penetration testing techniques, you will also review new endpoints discovered by our platform and validate any security exposures as soon as they are detected.

Your average day will include the following activities:

Investigation and response to client SIEM alerts

– Ownership through to resolution of managed SIEM alerts

– Liaison with clients to provide updates on investigation status

– Incident closure once appropriate action has been taken

– Tuning of client SIEM rules to reduce false positive rate

Monitoring of client digital attack surface exposures

– Ownership through to resolution of customer impacting exposures

– Liaison with clients to provide updates on exposure status

– Escalation to senior resources for complex exposures

– Closure of exposures once appropriate action has been taken

– Review of new assets discovered by the attack surface management platform

Client report writing

– Issuing of periodic cyber security reports for managed service clients

Managed security service projects

– Onboarding of new clients to managed services platforms

– Integration of new log sources for existing managed SIEM clients

– Development of managed incident response playbooks

– Other cyber security project work as required

Your Experience

3+ years’ experience as a SOC analyst, Penetration Tester, or relevant field

Your Skills

The following technical skills are required to fulfil the responsibilities of the role:

• Understanding of common internet protocols (e.g. TCP/IP, DNS, HTTP, TLS)
• Knowledge of common web application security vulnerabilities
• Ability to analyze intercepted HTTP requests and identify basic security issues
• Familiarity with public cloud environments (e.g. AWS, Azure and GCP)
• Familiarity and demonstrated understanding of the Cyber Kill Chain and/or MITRE ATT&CK Framework
• Understanding and experience working with SIEM and Vulnerability management tools
• Proficiency with common penetration testing tools (e.g. Burp Suite, Kali Linux, Metasploit)
• Strong understanding of Windows, UNIX, and Linux Operating Systems
• Formal training and certification in an IT security related area, OSCP, SANS, CompTIA is desired but not essential

The role requires strong written communication skills for reporting on test findings and liaising with clients on validated exposures. The ability to manage time effectively is essential as testing engagements are typically delivered within a set timeframe and our CST service provides service level agreements for validating detected security exposures. The most important requirement however is a passion for learning about how systems are compromised, and security exploits are developed.