SOC Analyst III Farmington Hills MI only

SOC Analyst III

The Security Operations Center is responsible for providing 24/7, 365 monitoring, detection, and response capabilities for Comerica. This includes event, cloud security, and DLP monitoring, as well as a role in the incident response process. The Tier 3 SOC Analyst serves as an escalation point for Tier 1 and Tier 2 Analysts within the SOC and provides advanced analytical and investigation support for complex incidents to assist in containment and mitigation of threats.

The Tier 3 Security Operation Center (SOC) Analyst is responsible for providing oversight during day-to-day operational tasks for Tier 1 and 2 analysts within the SOC, as well as advanced technical investigation capabilities to respond to security incidents. The analyst will serve as the escalation point for all SOC analysts, and as an interface with the Advanced Threat Hunt and Intelligence team for the SOC.

Position Responsibilities

Security Operations Center (SOC) Analysis

• Provides advanced technical investigation and forensics capabilities across malware, phishing, cloud access security brokers (CASB), network, and configuration compliance domains.
• Responds to and mitigates security incidents based on defined process and procedures to contain and eradicate threats.
• Resolves or escalates investigations to CSIRT as required, in coordination with the SOC Manager.
• Interfaces with the threat hunting and threat intelligence teams to build proactive searches / signatures in the SIEM or security application to enhance detection capabilities.
• Performs sampled reviews of investigated incidents by Tier 1/Tier 2 Analysts to improve ticket quality and provides feedback to coach junior Analysts.

Documentation and Support

• Participates in the development / enhancement of process and technologies impacting the SOC and the broader Cyber Defense Operations function.
• Collaborates closely with the SOC Manager to develop recommendations and/or technical implementations to improve workflows within the SOC, including the use of automation and optimization of processes.
• Collaborates with other Engineering and Operations teams within Comerica to troubleshoot, respond, and improve detection capabilities.
• Handles sensitive information in accordance with the Corporate Information Protection Policy.

Qualifications

• Bachelors' Degree in Computer Science, Engineering, Information Systems, or Cyber Security or equivalent degree or High School Diploma or GED and 10 years of progressive relevant experience
• 5 years of information security/technology experience preferably in a SOC or NOC
• 4 years of experience using various operating systems and industry standard monitoring, logging, alerting and investigation processes
• 2 years of incident response experience

Preferred Licenses/Certifications

• CompTIA Network+, CompTIA Security+, GCIA, GCIH, GREM, or GPEN

Comerica Great Lakes Campus
8:00am - 5:00pm Monday - Friday