Cyber Security Analyst (SOC)

About The Position

Requirements

• (Journeyman level) At least 3 years, (Junior level) applicable 1 to 2 years of experience in security operations, demonstrating analytical duties and preforming host or network security analysis.
• Proficient in analyzing cyber-attacks, with a deep understanding of attack classifications, stages, system/application vulnerabilities, and compliance with Department of Defense (DoD) policies and procedures.
• Applied knowledge of network topologies, protocols (e.g., TCP/IP, ICMP, HTTP/S, DNS, SSH, SMTP, SMB), and experience with tools like Palo Alto, Elastic SIEM, Cribl, Splunk, VMware, Security Center.
• Capable of attack reconstruction based on network traffic, integrating Threat Intelligence, and familiar with MITRE ATT&CK framework, with the ability to collaborate effectively across multiple locations.

Nice To Haves

• Knowledge of Operational Technology (OT) or Industrial Control Systems (ICS)
• Strong analytical and troubleshooting skills
• Able to provide expert content development in Splunk Enterprise Security using tstats and data models
• Understands how to utilize knowledge of latest threats and attack vectors to develop correlation rules for continuous monitoring on various security appliances
• Experience in other tools and protocols as applicable such as Nessus, Endgame, CrowdStrike, Gray Noise, Shodan, Bacnet, MODBus, SCADA systems, and PCAP
• Review logs to determine if relevant data is present to accelerate against data models to work with existing use cases
• Familiar with the operations and functions of Nessus or security center management
• Can assist and provide technical input to research, discover, implement hardware and software
• Understands importance and fundamentals of logistics and evidence handling
• Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), or relevant IT technology certification
• Examples of other certifications include: o Offensive Security Certified Professional (OSCP) o GIAC Response and Industrial Defense (GRID) o CERT Certified Computer Security Incident Handler o ECC CEH (Electronic Commerce Council Certified Ethical Hacker) o GCIH (GIAC Certified Incident Handler) o GISF (GIAC Information Security Fundamentals) o CISSP (Certified Information System Security Professional)
• Additional certifications at an equivalent may also be considered.

Responsibilities

• Support SOC team in operating and performing duties in a Security Operations Center (SOC) to provide a secure environment that facilitates monitoring, incident response, malware analysis, and threat hunting activities.
• Develop and utilize analytics on the security information and event management (SIEM) platform to monitor for security alerts and coordinate vulnerability assessments and artifact collection across servers and network devices.
• Asses Security Technical Implementation Guides (STIGs) compliance and completion.
• Utilize asset mapping tools to verify connected inventory.
• Handle Information Assurance Vulnerability Management (IVAM) notifications.
• Evaluate network structures and device configurations for security risks, offering recommendations based on best practices, and gather data to identify and respond to network intrusions.
• Analyze network traffic and system logs to identify malicious activities, vulnerabilities exploited, and methods used, and develop processes to enhance SOC response and efficiency.
• Conduct comprehensive technical analyses of computer evidence, research and integrate new security tools into the SOC, and synthesize findings into reports for both technical and non- technical audiences.