CSOC Analyst

Peraton, Portland, OR

About The Position

Position is Contingent Upon Award.

Peraton seeks innovative professionals who thrive in mission-critical environments and are passionate about protecting our national critical infrastructure. This is your chance to make an impact on one of the nation’s vital organizations, working alongside leaders in cybersecurity engineering, operations, forensics, threat analysis, data science, and systems integration. Join Peraton in supporting a large critical infrastructure operator to defend its corporate and operations networks from nation-state attacks, ensure the confidentiality, integrity, and availability of its systems and operations infrastructure, and comply with federal and industry cybersecurity regulation.

As an analyst in a 24x7x365 Cybersecurity Operations Center (CSOC), the position monitors the company’s networks and systems using Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR) and Security Orchestration, Automation, and Response (SOAR) systems such as Splunk, CrowdStrike, Nessus Security Center, Axonius, Swimlane, Websense, NetFlow and other tools to identify and investigate anomalies and thwart cyberattacks. Duties include analyzing security alerts, performing investigations, assessing threats, and implementing procedures to respond to incidents as a member of the company’s CSOC team.

Requirements

  • U.S. Citizenship Required
  • Must have the ability to obtain / maintain a DOE L Level or DOE Secret clearance
  • Degree in computer science, engineering, cybersecurity, information technology, or related field
  • 5 years of experience with BS/BA; 3 years with MS/MA; 0 years with PhD
  • Cybersecurity experience in roles such as security monitoring, threat and risk assessment, incident response, forensic analysis, offensive testing, controls assessment, vulnerability research or CSOC operations
  • Understanding of industry cybersecurity standards such as FISMA, NIST 800 series, and regulatory compliance requirements
  • Demonstrated strategic thinking, CSOC operations leadership, or broad understanding of risk management
  • Strong analytical and problem-solving skills to investigate and assess security risks
  • Excellent verbal and written communications skills
  • Ability to communicate technical issues to both infrastructure owners and management
  • Must be able to work on a 4-month 24x7x365 shift rotation schedule

Nice To Haves

  • Hold a cybersecurity certification such as CISSP, CISM, SSCP, GIAC GSEC, OSCP, CEH, CISA, GIAC GCIH, or EC-Council CSA
  • A master’s degree in computer science, engineering, cybersecurity, information technology, or related field

Responsibilities

  • As a member of a CSOC shift, monitor security reporting systems, dashboards and indicators of suspicious activity and unauthorized access for an extensive critical infrastructure covering 8 states
  • Validate SIEM/EDR/SOAR security alerts, open case management investigations and perform investigations under the guidance of a lead analyst
  • Review threat and vulnerability advisories issued by various government organizations and make recommendations to management
  • Conduct research to determine the applicability of advisories to the company’s environment
  • Interact with internal Subject Matter Experts and functional groups to request information, discuss events, escalate issues and coordinate a response under the guidance of a lead analyst
  • Formulate mitigation recommendations and document investigations
  • Conduct open-source research and stay abreast of the latest cyber threats and security tools
  • Perform network and systems analysis of intrusion alerts against the network infrastructure and of anomalous traffic, applications, operating systems, firewalls, proxy devices and malware detections; triage security incidents or anomalies flagged by monitoring tools and escalate them as warranted
  • Perform in-depth security analysis of firewall alerts and review system logs for suspicious patterns; perform preliminary incident response, event analysis and threat intelligence
  • Investigate threats across multiple data systems and create incident review cases on notable events
  • Investigate flagged alerts, determine if they are real threats, and follow designated response and containment procedures
  • Confirm continuous data flows from system logs, PCAP captures, and intelligence feeds into the SIEM systems
  • Review flagged events that are detrimental to the company’s overall security posture; analyze and detect sophisticated and nuanced attacks, discern false positives and draft reports of results for management
  • Correlate network and system sensor events
  • Conduct forensic investigation of logs and network protocol traffic to identify anomalies and potential threats
  • Provide near real-time and short-term correlation of data collected by the SIEM/EDR tools and investigate threats across data types over specific study time frames or systems
  • Provide strategic analysis and near real-time auditing, investigating, reporting, and coordinating tracking of security-related flagged incidents
  • Recommend changes to security assets such as firewalls and VPNs to CSOC and security management in order to remediate issues or improve defensive posture
  • Assist with CSOC daily tasks and operations such as CSOC communications, completeness and fidelity of CSOC reports, and status of incident cases as directed by management

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Number of Employees: 5,001-10,000 employees
