Security Operations Center Analyst Tier III at Crown Castle in Canonsburg, Pennsylvania

Job Description:

 Position Title: Security Operations Center - Tier III  (P4)

 

Company Summary:

Crown Castle is the nation’s largest provider of shared communications infrastructure: towers, small cells, and fiber. It all works together to meet unprecedented demand—connecting people and communities and transforming the way we do business. Whenever you make a call, track a workout or stream music and videos, we’re the ones providing the communications infrastructure that makes it all possible. From 5G and the internet of things to drones, autonomous vehicles and AR/VR, we enable the technologies that help people stay safe, connected, and ready for the future. Crown Castle is publicly traded on the S&P 500, and one of the largest Real Estate Investment Trusts in the US, with an enterprise value of ~$100B.

We offer a total benefits package and professional growth development for teammates in any stage of their career. Along with caring for our teammates, we’re an active member in the communities where we live, work, and do business. We have a responsibility to give back, which we do through our Connected by Good program. Giving back allows us to improve public spaces where people connect, promote public safety and advance access to education and technology.

Role: 

Under the leadership of the Manager, Security Operations Center (SOC), the SOC Analyst – Tier 3 (SOC3) will ensure delivery of the highest level of service in the support of conducting security event monitoring and analysis as well as incident response. Responsibilities will include the day-to-day (24x7) operations to include the application of analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats, and perform incident response. The SOC3 will also work other SOC and threat management staff with development and enhancement of existing detection and response capabilities including creation of SIEM content, IDS rules, SOP documentation, and implementation of incident response methodologies.

 

Responsibilities

 

• Perform operational 'eyes on glass' real-time monitoring and analysis of security events from multiple sources including but not limited to events from SIEM monitoring tools, network and host-based intrusion detection systems, firewall logs, system logs (Unix & Windows).


• Conduct analysis of network traffic and host activity across all technologies and platforms.


• Perform incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.


• High understanding of processes related to threat correlation and mitigation.


• Process SOC tickets as well as assist in processing IT Security Helpdesk tickets.


• Responsible for responding to security incidents (malware infections, unauthorized access, malicious emails, DDoS attacks) and elevating to Threat Management team as needed.


• Analyze security event logs and alerts to determine validity, priority and impact against both security threat best practices and corporation policies.


• Evaluate the type, nature and severity of security events with a range of security event analysis tools.


• Works with Senior Enterprise Security staff as well as the Computer Security Incident Response Team on a day-to-day basis.


• Assist in defining and maintaining protocols and maturing ‘playbooks' of operational response to cyber threats.


• Develop and maintain policies, processes, and procedures to ensure reliable and effective SOC operations.


• Collaborate across organizational lines and develop depth in cyber security discipline and technologies.

 

 

 

Expectations

 

• Demonstrates a profound sense of ethics, integrity, and confidentiality


• Finds common ground and viable solutions to complex problems in a compelling manner while maintaining a professional composure


• Influences across a diverse discipline in a collaborative, risk aware manner


• Organized, responsible and highly thorough problem solver


• Proven ability to create and build new processes


• Great verbal and written communication skills and attention to detail


• Self-starter who can work independently as well as in a team setting


• Works well with people from different areas of the business


• Ability to simplify complex technical topics


• Ability to learn, understand, and apply new technologies


• Ability to design and implement effective policies to achieve consistent team results.


• Demonstrates a "learning agility" to remain current in subject matter expertise


• Experience documenting enterprise security events


• Navigate ambiguity; Is adaptable to, and champions change


• Giving and receiving effective feedback across all interactions

 

 

Education/Certifications  

 

• Bachelor's degree in IT or Computer Security or comparable years’ experience.


• Must have at least one of the following certifications: CISSP, CCE, PMP, GSEC, CCNA Cyber Ops, CISF-GIAC Information Security Fundamentals, CISM, CRISC, Security+, CEH and GISF


• Splunk User Certification, Splunk Power User Certification, Splunk Admin Certification, a plus

 

Experience/Minimum Requirements  

 

• 5+ years of experience in IT Security monitoring


• Tier 3 incident response experience


• Experience in SIEM event auditing, log review and incident response


• IT experience in SIEM with a concentration on Linux. Windows and Linux System administration preferred

 

 

 

Organizational Relationship  

 

 

Reports to: Manager, Security Operations Center

 

 

Title(s) of direct reports (if applicable):  N/A

 

 

Working Conditions:  Works in a 24x7 operation center setting with no exposure to adverse environmental conditions. 

 

This is a remote role with the expectation of on-site/in-person collaboration with teammates and stakeholders for moments that matter and may require up to 5% travel.

 

Additional Information: Crown Castle has a COVID-19 Vaccine Policy in place requiring vaccination by your employment start date, unless approved for an accommodation or otherwise prohibited by law.

 

#LI-MP1

#LI-Remote

 

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

Enterprise Security

Apply Now