Senior SOC Analyst

NTT DATA, Merrifield, VA


Requirements

  • Master's degree in any of the following disciplines (Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science), from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRC. One-and-one-half (1.5) years of additional experience can substitute for one (1) year of a typical degree program.
  • Minimum 8 years of experience in Information Technology (IT) and/or Information Security (IS).
  • DoD 8140 certification for their respective area or the ability to obtain certification within six (6) months of onboarding.
  • Active Secret Security Clearance
  • Must be a US Citizen who lives within a commutable distance to the client's sites in Arlington or Merrifield, VA.
  • CBROPS
  • CFR
  • CompTIA: CySA+, Security+ CE, CASP+ CE
  • FITSP-O
  • SANS: GCFA, GCIA, GDSA, GICSP
  • CCNA-Security, CCNP Security
  • CISSP (or associate), CCSP
  • CISA
  • SSCP
  • CND

Responsibilities

  • Lead advanced incident detection, investigation, and analysis efforts.
  • Correlate SIEM, EDR, IDS/IPS, and firewall data to identify and analyze potential incidents.
  • Perform deep-dive investigations to determine root cause, scope, and impact of incidents.
  • Apply MITRE ATT&CK and other frameworks for adversary TTP identification.
  • Guide preparation, identification, containment, eradication, and recovery actions in collaboration with SOC, forensics, and engineering teams.
  • Ensure incident handling aligns with established guidelines, response plans, and playbooks.
  • Analyze telemetry, logs, and behavioral patterns for indicators of compromise or attack.
  • Work with forensic teams to ensure proper forensic collection, preservation, and analysis of digital evidence.
  • Coordinate with forensics teams to ensure chain-of-custody and evidence integrity.
  • Develop and enhance SOC processes, playbooks, and detection capabilities.
  • Perform threat intelligence collection, analysis, and dissemination.
  • Analyze and contextualize intelligence to produce actionable recommendations.
  • Provide real-time guidance during active incidents.
  • Collaborate with stakeholders to strengthen overall cybersecurity posture.
  • Work with engineering, IT, and cloud teams to address identified vulnerabilities.
  • Participate in tool evaluations, recommending solutions that enhance SOC capabilities and identify capability overlap.
  • Support internal coordination with client sections, divisions, and external entities.
  • Provide executive-level briefings on security events and SOC performance.
© 2024 Teal Labs, Inc