SOC Security Analyst L2 Location: Cork, Ireland Schedule: Panama schedule (slow rotating shift pattern that uses 4 teams and two 12-hour shifts to provide 24/7 coverage: 2 days on, 2 days off, 3 days on, 2 days off, 2 days on, 3 days off). Every 4 weeks, it will change from day to night shift. BlueVoyant is looking for Security Operations Center (SOC) Security Analyst L2 to help our global customers manage their IT security. You will be part of a fast-paced team that helps customers reduce the impact of security incidents and ensures that critical business operations continue unhindered. Summary As a Senior analyst, you are the ultimate technical expert and escalation point for analysts on your team. Your significant expertise in modern attacks, analysis of intrusion data, and knowledge of attack remediation ensure that attacks against our clients are handled with urgency, accuracy, and effective communication. You are the mentor for junior analysts, the trusted voice of customers, and the bane of adversaries. Key Responsibilities Monitor and analyze security events and alerts from multiple sources, including SIEM logs, endpoint logs, and EDR telemetry. Research indicators and activities to determine reputation and suspicious attributes. Perform analysis of malware, attacker network infrastructure, and forensic artifacts. Execute complex investigations and handle incident declaration. Perform live response analysis of compromised endpoints. Hunt for suspicious activity based on anomalous activity and curated intelligence. Participate in the response, investigation, and resolution of security incidents. Provide incident investigation, handling, response, and incident documentation. Engage and assist the BlueVoyant Incident Response teams for active intrusions. Ensure events are properly identified, analyzed, and escalated to incidents. Assist in the advancement of security policies, procedures, and automation. Serve as the technical escalation point and mentor for lower-level analysts. Regularly communicate with clients to inform them of incidents and aid in remediation. Identification and tuning of false-positive or benign detections. Perform peer review and QA of junior analyst investigations. Support Customer Success team with client engagements when required. Basic Qualifications People Skills: Ability to handle high pressure situations in a productive and professional manner. Ability to work directly with customers to understand requirements for and feedback on security services. Advanced written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language. Strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team. Able and willing to work in a 24/7/365 environment, including nights and weekends, on a rotating shift schedule. Tech Skills: Knowledge and experience with SIEM solutions, Cloud App Security tools, and EDR. Advanced knowledge and understanding of network protocols and network telemetry. Forensic artifact and analysis knowledge of Windows and Unix systems. Expertise in Endpoint, Web, and Authentication log analysis. Experience with SIEM/EDR detection creation. Experience in responding to modern authentication attacks against AD, Entra, OATH, etc. Expert knowledge of common attack paths, including LOLbin use, common adversary tools, business email compromises, AiTM attacks, including identification and response. Strong knowledge of the following: SIEM workflows (preferably Sentinel and Splunk). Modern authentication systems and attacks SSO, OATH, Entra, etc. Malware Detection, to include dynamic and light static analysis. Network Monitoring metadata (web logs, firewall logs, WAF/IDS). Email Security and common business email compromise attacks. Windows and Unix forensic artifacts (i.e., registry analysis, wtmp/btmp). Windows PE and Maldoc analysis. Remote access solutions (both legitimate and inherently malicious). Lateral movement methodologies and tools for Windows & Unix-based OSes. O365 attack paths, common attacker methodologies, and analysis. Network metadata analysis and knowledge of commonly abused protocols. Expert knowledge of credential harvesting tools and methodologies. Experience countering ransomware threat actors / operations preferred. Preferred Qualifications Experience intrusion analysis / incident response, digital forensics, penetration testing, or related areas. 3+ years of hands-on SOC/TOC/NOC experience. GIAC certification(s) strongly preferred. CISSP, Security +, Network +, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred. Familiarity with technologies such as Sentinel, Splunk, Microsoft Defender suites, Crowdstrike Falcon, SentinelOne. Familiarity with GPO, Landesk, or other IT Infrastructure tools. Understanding and/or experience with one or more of the following programming languages: JavaScript, Python, Lua, Ruby, GoLang, Rust. Education Minimum bachelor's degree in information security, Computer Science, or other IT-related field or equivalent experience. About BlueVoyant At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem. All employees must be authorized to work in the Republic of Ireland. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. #J-18808-Ljbffr
SOC Security Analyst L3 Location: Cork, Ireland The schedule will be a Panama schedule: (slow rotating shift pattern that uses 4 teams and two 12-hour shifts to provide 24/7 coverage. The working and non-working days follow this pattern: 2 days on, 2 days off, 3 days on, 2 days off, 2 days on, 3 days off). Every 4 weeks, it will change from the day to the night shift. BlueVoyant is looking for Security Operations Center (SOC) Security Analyst L3 to help our global customers manage their IT security. You will be part of a fast-paced team that helps customers to reduce the impact of security incidents and ensures that critical business operations continue unhindered. Summary As a Senior analyst, you are the ultimate technical expert and escalation point for analysts on your team. Your significant expertise in modern attacks, analysis of intrusion data, and knowledge of attack remediation ensures that attacks against our clients are handled with urgency, accuracy, and effective communication. You are the mentor for junior analysts, the trusted voice of customers, and the bane of adversaries. The experience you bring to the role provides a front-row voice to technology strategy, process improvements, and an advocate for analysts around the world. Key Responsibilities Monitor and analyze security events and alerts from multiple sources, including SIEM logs, endpoint logs, and EDR telemetry. Research indicators and activities to determine reputation and suspicious attributes. Perform analysis of malware, attacker network infrastructure, and forensic artifacts. Execute complex investigations and handle incident declaration. Perform live response analysis of compromised endpoints. Hunt for suspicious activity based on anomalous activity and curated intelligence. Participate in the response, investigation, and resolution of security incidents. Provide incident investigation, handling, response, and incident documentation. Engage and assist the BlueVoyant Incident Response teams for active intrusions. Ensure events are properly identified, analyzed, and escalated to incidents. Assist in the advancement of security policies, procedures, and automation. Serve as the technical escalation point and mentor for lower-level analysts. Regularly communicate with clients to inform them of incidents and aid in remediation. Identification and tuning of false-positive or benign detections. Perform peer review and QA of junior analyst investigations. Support Customer Success team with client engagements when required. Basic Qualifications People Skills: Ability to handle high pressure situations in a productive and professional manner. Ability to work directly with customers to understand requirements for and feedback on security services. Advanced written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language. Strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team. Able and willing to work in a 24/7/365 environment, including nights and weekends, on a rotating shift schedule. Tech Skills: Knowledge and experience with SIEM solutions, Cloud App Security tools, and EDR. Advanced knowledge and understanding of network protocols and network telemetry. Forensic artifact and analysis knowledge of Windows and Unix systems. Expertise in Endpoint, Web, and Authentication log analysis. Experience with SIEM/EDR detection creation. Experience in responding to modern authentication attacks against AD, Entra, OATH, etc. Expert knowledge of common attack paths, including LOLbin use, common adversary tools, business email compromises, AiTM attacks, including identification and response. Strong knowledge of the following: SIEM workflows (preferably Sentinel and Splunk). Modern authentication systems and attacks SSO, OATH, Entra, etc. Malware Detection, to include dynamic and light static analysis. Network Monitoring metadata (web logs, firewall logs, WAF/IDS). Email Security and common business email compromise attacks. Windows and Unix forensic artifacts (i.e., registry analysis, wtmp/btmp). Windows PE and Maldoc analysis. Remote access solutions (both legitimate and inherently malicious). Lateral movement methodologies and tools for Windows & Unix-based OSes. O365 attack paths, common attacker methodologies, and analysis. Network metadata analysis and knowledge of commonly abused protocols. Expert knowledge of credential harvesting tools and methodologies. Experience countering ransomware threat actors / operations preferred. Preferred Qualifications Experience intrusion analysis / incident response, digital forensics, penetration testing, or related areas. 5+ years of hands-on SOC/TOC/NOC experience. GIAC certification(s) strongly preferred. CISSP, Security +, Network +, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred. Familiarity with technologies such as Sentinel, Splunk, Microsoft Defender suites, Crowdstrike Falcon, SentinelOne. Familiarity with GPO, Landesk, or other IT Infrastructure tools. Understanding and/or experience with one or more of the following programming languages: JavaScript, Python, Lua, Ruby, GoLang, Rust. Education Minimum bachelor's degree in information security, Computer Science, or other IT-related field or equivalent experience. About BlueVoyant At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability! Led by CEO, Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies. Founded in 2017 by Fortune 500 executives, including Executive Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America. All employees must be authorized to work in the Republic of Ireland. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. BlueVoyant Candidate Privacy Notice To understand how we secure and manage your personal data upon submitting a job application, please see our Candidate Privacy Notice, which can be found here - Candidate Privacy Notice #J-18808-Ljbffr
Client Security Architect Location: Remote in Ireland The Client Security Architect must have experience working across a wide variety of security solutions and technologies. Must be able to maintain and troubleshoot solutions that enable security point solutions configuration, administration, management, and support. Partner with clients to architect the appropriate security point solution configuration and setup to support monitoring within our platform and service delivery operations. Must understand core IT security tools and Network fundamentals and be well capable of working with a client-facing/customer-service mindset. Key Responsibilities: Advisory position that is customer facing to help maximize technology investments from clients Experience working with enterprise class Anti-Virus software, Next-Gen AV, EDR, and other Microsoft Specific Defender suites of tools Understanding of core network protocols (DNS, DHCP, ARP, TCP, UDP, SSL, SSH, SCP, FTP, IPSec, etc.) Splunk SIEM technologies or other SIEM security solutions Microsoft Defender security suites, and other BV security application configuration, support, and management: Microsoft Defender for Endpoint Microsoft Defender for Office 365 Microsoft Defender for Identity & Azure AD Identity Protection Microsoft Cloud Application Security (MCAS) Microsoft Azure Sentinel CrowdStrike Falcon CarbonBlack Defense Knowledge of technology solutions in one or more of the following functional areas: Cyber Security point solution tools and suites listed above Network/Cloud Environment data/metadata Ownership mindset, with demonstrated partnership with functional counterparts to deliver on a material set of business objectives Experience with Security tool configuration, management, and troubleshooting Qualifications: Excellent teamwork skills Experience with Mac OS, Windows, and Unix systems Minimum bachelor’s degree in Information Security, Computer Science, or another IT-related field. Exceptional candidates with proven experience in security tools and systems administration will also be considered Ability to handle high pressure situations in a productive and professional manner Written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language Teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team Ability to provide tuning recommendations for security tools to internal operations teams and to clients Ability to work in a client facing role to assist customers with correcting service issues and advising on best practices as related to the security tools supported within the client's environment Basic knowledge of the following: SIEM SSL Decryption Malware Detection HIDS/NIDS Network Monitoring Tools Case Management System Knowledge Base Web Security Gateway Email Security Data Loss Prevention Preferred Qualifications: Experience in security tool administration as well as systems administration 1-4 years of hands-on Security support or Systems Administration support experience Security +, CEH, Microsoft 365 Certified: Security Administrator, Microsoft Certified: Azure Security Engineer Associate, Microsoft Certified: Azure Administrator preferred Familiarity with Microsoft Cloud IT Infrastructure tools Understanding of programming/scripting languages and ability to run basic database queries About BlueVoyant At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability! Led by CEO, Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies. Founded in 2017 by Fortune 500 executives, including Executive Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America. All employees must be authorized to work in Ireland. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. #J-18808-Ljbffr
SOC Security Analyst LI Location: Hybrid (50% of the time) in Cork, Ireland The schedule will be a Panama schedule: (slow rotating shift pattern that uses 4 teams and two 12-hour shifts to provide 24/7 coverage. The working and non-working days follow this pattern: 2 days on, 2 days off, 3 days on, 2 days off, 2 days on, 3 days off). Every 4 weeks, it will change from the day to the night shift. Summary BlueVoyant is looking for a SOC Security Analyst LI in Ireland to help our global customers manage their IT security. You will be part of a fast-paced team that helps customers to reduce the impact of security incidents and ensures that critical business operations continue unhindered. Key Responsibilities Monitor and analyze security events and alerts from multiple sources, including security information and event management (SIEM) software, network and host-based intrusion detection systems, firewall logs, and system logs (Windows and Unix), and databases. Separate true threats from false positives using network and log analysis and escalate possible intrusions and attacks. Initiate tickets, document, and escalate to higher-level security analysts. Serve as the technical escalation point and mentor for lower-level analysts. Regularly communicate with customer IT teams to inform them of issues, help them remediate, and ensure that they continue to operate business as usual. Perform triage of incoming issues (assess the priority, determine risk). Work with customers to deploy hardware and software monitoring systems. Maintain a strong awareness of the current threat landscape. Basic Qualifications Excellent teamwork skills. Knowledge of and experience with intrusion detection/prevention systems and SIEM software. Strong knowledge and understanding of network protocols and devices. Strong experience with Mac OS, Windows, and Unix systems. Ability to analyze event logs and recognize signs of cyber intrusions/attacks. Ability to handle high pressure situations in a productive and professional manner. Ability to work directly with customers to understand requirements for and feedback on security services. Strong written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language. Strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team. Ability to provide tuning recommendations for security tools to tool administrators. Familiarity with tools such as Wireshark, TCP Dump, Security Onion, and Splunk. Strong knowledge of the following: SIEM Packet Analysis SSL Decryption Malware Detection HIDS/NIDS Network Monitoring Tools Case Management System Knowledge Base Web Security Gateway Email Security Data Loss Prevention Anti-Virus Preferred Qualifications Experience in network/host vulnerability analysis, intrusion analysis, digital forensics, penetration testing, or related areas. 2-3 years of hands-on SOC/TOC/NOC experience. GCIA required. GCIH, GCFE, CISSP, Security +, Network +, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred. Familiarity with tools such as IDA Pro, PEiD, PEview, Procmon, Snort, Bro, Kali Linux, Metasploit, NMAP, and Nessus. Familiarity with GPO, Landesk, or other IT Infrastructure tools. Understanding of programming/scripting languages and ability to run basic database queries. Experience with ServiceNow. Education Minimum bachelor’s degree in Information Security, Computer Science, or other IT-related field. Exceptional candidates with proven experience in security/network operations will also be considered. About BlueVoyant At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability! Led by CEO, Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies. Founded in 2017 by Fortune 500 executives, including Executive Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America. All employees must be authorized to work in Ireland. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. BlueVoyant Candidate Privacy Notice To understand how we secure and manage your personal data upon submitting a job application, please see our Candidate Privacy Notice, which can be found here - Candidate Privacy Notice #J-18808-Ljbffr
