The Aspen Group (TAG) is one of the largest and most trusted retail healthcare business support organizations in the U.S. and has supported over 16,000 healthcare professionals and team members at more than 1,200 health and wellness offices across 46 states in four distinct categories: Dental care, urgent care, medical aesthetics, and animal health. Working in partnership with independent practice owners and clinicians, the team is united by a single purpose: to prove that healthcare can be better and smarter for everyone. TAG provides a comprehensive suite of centralized business support services that power the impact of five consumer-facing businesses: Aspen Dental, ClearChoice Dental Implant Centers, WellNow Urgent Care, Chapter Aesthetic Studio, and AZPetVet. Each brand has access to a deep community of experts, tools and resources to grow their practices, and an unwavering commitment to delivering high-quality consumer healthcare experiences at scale.
The Senior SOC Analyst is responsible for managing activities relating to monitoring and responding to security events. Additionally, this position will work closely with the SOC Manager on the development and oversight of the SOC program and maintaining operational efficiencies. The Senior SOC analyst receives research, triages, and documents all security events and alerts as they are received. This individual supports multiple security-related platforms and technologies, interfacing with others within the IT organization, as well as other internal business units and external customers/partners. Events will be generated from endpoints, networks, security information and event management (SIEM) systems, threat intelligence platforms, employees, third parties and other sources. The Senior SOC Analyst is an excellent communicator with others and is able to explain security concepts to both security and non-security personnel.
The Senior SOC analyst reports to the SOC manager and is an involved member of the SOC team. This role must display an in-depth understanding of new trends and technologies related to IT security and compliance and contribute to the company IT security strategy and roadmap.
Responsibilities:
- As an active member of the team, monitor and process response for security events on a 24x7 basis.
- Plan and execute regular incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
- Stay current with and remain knowledgeable about new threats. Analyze attacker tactics, techniques, and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems.
- Participate in threat modeling collaboration with other members of the security team.
- Automate repetitive tasks and drive efficiencies so the SOC can operate at high efficiency.
- Assist with incident response as events are escalated, including triage, remediation, and documentation.
- Manage security event investigations, partnering with other departments (e.g., IT) as needed.
- Aid in threat and vulnerability research across event data collected by systems.
- Investigate and document events to aid incident responders, managers and other SOC team members on security issues and the emergence of new threats.
- Work alongside other security team members to hunt for and identify security issues generated from the network, including third-party relationships.
- Share information as directed with other team members and ISACs.
- Seek opportunities to drive efficiencies.
- Evaluate SOC policies and procedures and recommend updates to management as appropriate.
- Develop metrics and scorecards to measure risk to the organization.
- Adhere to service level agreements (SLAs), metrics and business scorecard obligations for ticket handling of security incidents and events.
- Partner with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
- Leverage knowledge in multiple security disciplines, such as Windows, Unix, Linux, data loss prevention (DLP), endpoint controls, databases, wireless security, and data networking, to offer global solutions for a complex heterogeneous environment.
- Maintain working knowledge of advanced threat detection as the industry evolves.
- Perform other duties as assigned.
Skills & Experience:
- Bachelors in Information Security related degree.
- Required SANS GCIH or GCIA
- CISSP certification a plus.
- At least 5+ years of information security monitoring and response or related experience.
- Experience working in a 24x7 operational environment, with geographic disparity preferred.
- Experience driving measurable improvement in monitoring and response capabilities at scale.
- Experience managing SIEM systems (Splunk ES preferred), threat intelligence platforms, SOAR solutions, IDS/IPS, and other security, network, and system monitoring tools.
- Knowledge of a variety of Internet protocols.
- History of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
- Working knowledge/experience with network systems, security principles, applications and risk and compliance initiatives such as Gramm-Leach Bliley Act (GLBA), Payment Card Industry (PCI), Health Information Portability and Accountability Ace (HIPAA), Sarbanes-Oxley Act (SOX) and the General Data Protection Regulation (GDPR).
- Highly effective communicator with ability to influence business units.
- Analytical and problem-solving mindset.
- Highly organized and efficient.
- Leverages strategic and tactical thinking.
- Works calmly under pressure and with tight deadlines.
- Demonstrates effective decision-making skills.
- Is highly trustworthy; leads by example.
If you are an applicant residing in California, please view our privacy policy here: