Senior Vehicle SOC Analyst

Description

Upstream is looking for a Senior Vehicle SOC (vSOC) analyst to join the Upstream vSOC analysts team and focus on investigating and responding to potential vehicle security incidents, and implement, together with customers, a strategy for containment and recovery.

As a Senior vSOC analyst you will use threat intelligence, previous similar attack vectors, and insights from internal research teams to pinpoint affected assets, the type of attack, and the extent of the attack. 

The senior vSOC analyst will be responsible for playbook creation and maintenance and will ensure that the correct training is in place so that team members can implement procedures and policies. 

Additionally, the senior vSOC analyst will act as the vehicle security focal point for managed services for customers and troubleshooting of real-time potential security alerts.

The position is full-time and is based in Ann Arbor, Michigan, USA.

Responsibilities

• Primarily responsible for security event monitoring, management, and response
• Provide administrative direction and support for daily operational activities
• Present in business reviews and workshops with partners and customers
• Establish operational foundations, defining metrics and KPIs to drive governance, quality, and efficiency. Influence and improve existing processes through innovation and operational change
• Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring
• Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives
• Conduct threat hunting and proactively Identify threat vectors and develop use cases for security monitoring
• Identify and analyze API vulnerabilities, such as OWASP API Security Top 10, injection flaws, authentication/authorization issues, and data exposure
• Provide security recommendations and guidance to development teams during the API development lifecycle.
• Fine tune detection logic and machine learning profiles
• Creation of root cause analysis, reports, dashboards, metrics for vSOC operations and presentation to senior management
• Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
• Working with the team to create RCA's for events escalated to incident levels
• Development and execution of Standard Operating Procedures, Event Handlers and Job Aids required for successful task completion

Requirements

• Previous customer-facing analyst role, preferably within MSSP, consulting, or professional services context
• Proficient in Incident Management and Response
• Experience in creation of playbooks
• Experience in threat hunting and open-source intelligence (OSINT) investigations 
• Experience in security device management and SIEM (e.g., Sentinel, Splunk, Chronicle, etc.)
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management and incident management etc.
• Familiarity with malware techniques and attack methods (e.g. code injection, DGA, hooks, etc.)
• Familiarity with big data platforms and data analysis (e.g. SQL)
• Experience with API security tools and frameworks (e.g., Burp Suite, OWASP ZAP, Postman, API gateways)
• Familiarity with API protocols and technologies (e.g., REST, SOAP, GraphQL, OAuth, JWT).
• Experience with cloud platforms (e.g., AWS, Azure, GCP) and their API security services.
• Hands-on experience with development / scripting languages (e.g. Python)
• Strong troubleshooting and problem-solving skills
• Knowledge of applications, databases, middleware to address security threats
• Proficient in preparation of reports, dashboards, and documentation
• Strong communication, interpersonal, and leadership skills with a positive, customer-oriented attitude.
• Proven ability to handle high-pressure situations, adapt to changing priorities, and multitask effectively in a dynamic environment.
• Technical acumen with the ability to understand and interpret technical specifications and take proactive initiative.
• Automotive industry experience - an advantage 
• Experience in conducting mobile app and API security assessments and penetration testing - an advantage

Upstream is an equal opportunity employer. All candidates for employment will be considered without regard to race, color, religion, sex, national origin, physical or mental disability, veteran status, or any other basis protected by applicable federal, state or local law.