SIEM and SOAR Analyst

Booz Allen Hamilton Inc., San Antonio, TX

About The Position

As a security operations center analyst, you're in the middle of the action, responding to and mitigating threats in real time. You're the first line of cyber defense for your organization, and they look to you for guidance on best practices and security measures. We need a Tier 2 SOC analyst like you to help us secure critical infrastructure from the constant onslaught of cyber attacks for the mission partner. As a SOC analyst on our team, you'll monitor and analyze threats using state-of-the-art tools. You'll work with the team to understand, mitigate, and respond to threats quickly, restoring operations and limiting the impact. You'll analyze incidents to determine how many systems are affected and assist recovery efforts. You'll combine threat intelligence, event data, and assessments from recent events, and identify patterns to understand attackers' goals and stop them from succeeding. This is a great opportunity to hone your cybersecurity skills with hands-on experience in threat assessment and incident response. Work with us as we secure our mission partner from malicious actors. Join us. The world can't wait.

Requirements

  • 3+ years of experience in security information and event management (SIEM) administration, configuration, or correlation-rule development within the DoD
  • Experience with SIEM platforms such as Splunk ES, Elastic SIEM, QRadar, ArcSight, or Microsoft Sentinel
  • Experience in log parsing, normalization, and the creation of correlation searches, dashboards, and alerts
  • Experience with enterprise security data sources such as Windows event logs, NetFlow, firewall, IDS/IPS, and endpoint telemetry
  • Experience analyzing and triaging security events to identify potential incidents and reduce false positives
  • TS/SCI clearance
  • HS diploma or GED
  • DoD 8140 baseline certification such as Security+, CySA+, or CISSP

Nice To Haves

  • Experience supporting Air Force defensive cyber operations
  • Experience developing custom automation scripts
  • Experience working in Agile DevSecOps environments
  • Experience with MITRE ATT&CK framework, Kill Chain analysis, and threat correlation methodologies
  • Experience tuning SIEMs for performance optimization, index management, and data retention strategies
  • Strong written and verbal communication skills for developing dashboards, briefings, and incident reports
  • Bachelor's degree
  • Certifications such as Splunk Core Certified Power User, Elastic Certified Engineer, or IBM QRadar Specialist certification
  • SAFe Agile certification

Responsibilities

  • Monitor and analyze threats
  • Understand, mitigate, and respond to threats quickly, restoring operations and limiting the impact
  • Analyze incidents to determine how many systems are affected and assist recovery efforts
  • Combine threat intelligence, event data, and assessments from recent events, and identify patterns to understand attackers' goals and stop them from succeeding

Benefits

  • Health, life, and disability insurance
  • Financial and retirement benefits
  • Paid leave
  • Professional development and tuition assistance
  • Work-life programs and dependent care
  • Recognition awards program

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Professional, Scientific, and Technical Services

Education Level

High school or GED

Number of Employees

1-10 employees
