Security Operations Center (Soc) Analyst

Summary
The cyber Security Operations Center (SOC) Analyst will perform tasks including monitoring, investigation, and triage of cybersecurity events that occur on the network or endpoint with a focus on the determination of whether said events constitute security incidents. Participate in incident response and as a consultant in various security projects.
This position requires work in support of the Company’s contract with the United States Department of Education (“ED”). As such, the United States Government requires that any applicant for this position must complete United States Government security clearance. Effective June 1, 2018, ED has informed Nelnet that security clearance applications for foreign nationals are not being accepted or processed. In light of this direction from ED, Nelnet will be unable to hire applicants without United States citizenship for such positions.

• Responsible for assisting Cybersecurity Incident Response including the detection, containment, and eradication of real-time threats.
• Respond to log and security inquiries from business partners and various audit requests.
• Demonstrate an intermediate understanding of numerous security products and processes.
• Understand the policy, standards, and procedures found in the Nelnet enterprise as well as an understanding of appropriate laws and regulations for the business.
• Monitor and investigate security alerts from the SIEM, IPS/IDS, Firewall, EDR, SOAR, and other security systems.
• Completes routine preventative measures and maintains/monitor network security.
• Responsible for ongoing review of security use case correlation searches to provide actionable alerts.
• Be a trusted security advisor to other departments and lines of business.

• Must have security information events management (SIEM) competency
• Previous cybersecurity investigation experience
• Knowledge of networking architectures and protocols
• 0-2 years in a Security Operation Center environment

• Experience with EDR solutions desired.
• Experience and understanding of Network traffic. (TCP/IP, Common Ports & Protocols)
• Excellent coordination, documentation, and organizational skills.
• Cloud (AWS, Azure, GCP) experience is desired.
• Automation experience desired; PowerShell, Python, SOAR etc.
• Knowledge of SIEM Technologies, Splunk Enterprise Security preferred.
• Experience with IDS/IPS systems is desired.
• Naturally curious – puzzle/problem solver.