SOC Analyst

Acronis is a world leader in cyber protection—empowering people by providing them with cutting-edge technology that enables them to monitor, control, and protect the data that their businesses and lives depend on. We are in an exciting phase of rapid-growth and expansion and looking for someone who is ready to join us in creating a #CyberFit future and protecting the digital world!

The SOC Analyst will be monitoring security alerts and to quickly assess if they are worth further investigation. To do this, the analyst reviews logs from various protective tools like firewalls and intrusion detection systems, as well as infrastructure components. They provide initial evaluation and escalation of incidents to Tier 2 analysts. They may be tasked to perform initial / basic containment of incidents and deliver reports.

WHAT YOU'LL DO

Ultimate responsibility of the SOC analyst is to ensure Acronis and Acronis customers’ data is protected from unauthorized access and modification. To achieve this, you will:

• Analyze log and monitoring data for all Acronis infrastructure and applications. Visibility is the most important factor for reducing the response time and the damage taken in a case of cyber attack.
• Discover anomalies, triage them and respond quickly in case of a real-life incident. Identify the root cause through the postmortem analysis. Escalate to more experienced colleagues if you feel additional assistance may be needed.
• Update tooling to detect known patterns automatically in the future. We don’t want you to stare at the monitor all day, finding known anomalies is a job for a computer.
• Based on postmortem analysis of the real events, work with relevant teams on mitigation. Simply saying, we don’t want to repeat past errors, we need to learn from them and improve.
• Stay informed on the new threats and trends in cyber security space. Be aware of what’s happening, how bad guys are acting and what countermeasures can we implement.

WHAT YOU BRING (EXPERIENCE & QUALIFICATIONS)

To be successful in this role you need to possess certain qualities, we list them below together with sample questions that we might ask you during the interview.

• First of all, we need people, who can learn new things fast. Unbeatable curiosity is a must.
• Since you will be analyzing logs, you need to know, how to do that. For example, given a 100000 line authentication log from a Linux system, you should know how to find anomalies there. Do you know, how to use tools like grep and awk for ad-hoc analysis? What would you use if you need to analyze millions of log entries instead of thousands? How about billions?
• "Machines should work; people should think”. To make that happen, you’d need some development skills with Python or other scripting language, understanding REST APIs, SQL, regular expression. Some coding experience is needed and be ready to demonstrate your abilities.
• We require reasonable understanding of Linux and Windows architecture and networking. You don’t need to be a network expert, but we expect you’d understand what is going on when you look at a tcpdump output. The usual question here is “What happens when you type an URL in the browser and press enter”? Be ready to discuss the it with emphasis to security.
• Some understanding of the modern DevOps stack is an advantage. You will be taking to IT operations team a lot and it would be easier for you if you’d share the same language. Some components of our stack include Elastic Search, Grafana, Prometheus, Ansible, Docker and if you worked with them, you’ll find it easier to start with us. Did you ever configure Linux server with Ansible? Did you deploy an application in Docker? Would you be able to break out of a Docker container? Would you be able to secure a container against breaking out?
• You need to be familiar with security tools used in a typical SOC environment as well as usual security tools. Did you ever write a snort and yara signature? Given a file, will you be able to write one for it? What does nmap do? Did you ever write nmap script with NSE?
• Besides technical skills, we expect you to be able to communicate clearly, being able to explain complex things so that others understand them.
• 1-2 years of security related experience is preferred.
• Security certifications such as CISSP, Security+, CEH, OSCP or a degree in a related IT field are preferred.

WHO WE ARE

Acronis is revolutionizing cyber protection by unifying backup, disaster recovery, storage, next-generation anti-malware, and protection management into one solution.  This all-in-one integration removes the complexity and risks associated with non-integrated solutions and offers easy, complete and reliable data protection for all workloads, applications, and systems across any environment—all at a low and predictable cost.

Founded in Singapore in 2003 and incorporated in Switzerland in 2008, Acronis now has more than 2,000 employees and offices in 34 locations worldwide. Its solutions are trusted by more than 5.5 million home users and 500,000 companies, and top-tier professional sports teams. Acronis products are available through over 50,000 partners and service providers in over 150 countries and 26 languages.

Acronis is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, marital status, national origin, physical or mental disability, medical condition, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, gender identity or expression, or any other characteristic protected by applicable laws, regulations and ordinances.

#LI-WC1