Security Operations Center (SOC) Analyst (Mid)

About The Position

Requirements

• Working knowledge with US-CERT Federal Incident Notification Guidelines
• 4 years of Information Technology experience, with at least 2 years of experience in information security working within security operations
• Working knowledge of Splunk Enterprise, Enterprise Security, and SOAR products
• Working knowledge of CrowdStrike, TrendMicro and McAfee host-based solutions
• Knowledge of log, network, and system forensic investigation techniques
• Significant experience performing analysis of log files from a variety of sources, including individual host logs, network traffic logs, firewall logs, or intrusion prevention/detection logs
• Experience conducting intelligence driven defense utilizing the MITRE ATT&CK framework and Cyber Kill Chain (CKC)
• Diverse knowledge base of operating systems, network protocols, system administration, and security technologies
• Knowledge of TCP/IP Networking and the OSI model
• Experience creating actionable content for a diverse range of commercial security tools and/or SIEM technologies
• Significant experience monitoring threats via SIEM console
• Excellent problem solving, critical thinking, and analytical skills with the ability to de-construct problems
• Strong customer service skills and decision-making skills
• Ability to develop working knowledge of client infrastructure
• Bachelor’s degree in computer science or related field or equivalent work experience
• Certified Information Systems Security Professional or Associate Formal IT Security/Network Certification such as SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Network Forensic Analyst (GNFA) or SANS GIAC Certified Incident Handler (GCIH)

Nice To Haves

• 3+ years’ experience in SOC/CIRT or 1-year specific experience as a Lead SOC Analyst
• Experience at the Centers for Medicare and Medicaid Services (CMS) or U.S. Department of Health and Human Services (HHS) or previous SOC/CIRT experience at a federal agency similar in size, scope, and complexity
• EC Council Certified Ethical Hacker (CEH)
• Experience with Elastic, Snowflake (or other Security Data Lake), and Akamai WAF
• Significant experience with packet analysis (Wireshark) and malware analysis

Responsibilities

• Perform hunting for malicious activity across the network and digital assets
• Respond to computer security incidents and conduct threat analysis
• Identify and act on malicious or anomalous activity
• Conducts analysis using a variety of tools and data sets to identify indicators of malicious activity on the network
• Perform detailed investigation and response activities for potential security incidents
• Provide accurate and priority driven analysis on cyber activity/threats
• Perform payload analysis of network packets
• Recommends implementation of countermeasures or mitigating controls
• Ensures all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment
• Collaborates with technical and threat intelligence analysts to provide indications and warnings, and contributes to predictive analysis of malicious activity
• Mentor junior staff in cybersecurity techniques and processes
• Create and continuously improve standard operating procedures used by the SOC
• Resolve or coordinate the resolution of cyber security events
• Monitor incoming event queues for potential security incidents
• Create, manage, and dispatch incident tickets
• Monitor external event sources for security intelligence and actionable incidents
• Maintain incident logs with relevant activity
• Document investigation results, ensuring relevant details are passed to SOC Lead, Incident Management team and stakeholders
• Participate in root cause analysis or lessons learned sessions

Benefits

• competitive compensation
• Health and Wellness programs
• Income Protection
• Paid Leave
• Retirement