Security Operation Center (SOC) Analyst II

About The Position

Requirements

• 5+ years of related experience.
• Solid understanding of cyber threats and information security in the domains of TTP's, Threat Actors, Campaigns, and Observables.
• Familiarity with intrusion detection systems, intrusion analysis, security information event management platforms, endpoint threat detection tools, and security operations ticket management.
• Strong analytical and technical skills in computer network defense operations.
• Ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management) and Malware Analysis.
• Experience and ability with analyzing information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents.
• Knowledgeable and hands-on experience with a Security Information and Event Monitoring (SIEM) platforms and/or log management systems.
• Strong logical/critical thinking abilities, especially analyzing security events.
• Excellent organizational and attention to details in tracking activities within various Security Operation workflows.
• Working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks.
• Conceptual understanding of Windows Active Directory.
• Working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
• Experience with one or more of the following technologies: Network Threat Hunting, Big Data Analytics, Endpoint Threat Detection and Response, SIEM, workflow and ticketing, and Intrusion Detection System.
• Prior performance in roles such as ISSO or ISSM.
• SAP experience required.
• CSSP Analyst certification required to Start (CEH, CFR, CCNA Cyber Ops, CySA+, GCIA, GCIH, GICSP, SCYBER).
• Top Secret/SCI clearance required to start.
• Must be able to obtain Top Secret SCI with CI Polygraph.

Nice To Haves

• Bachelor’s degree in a related area or equivalent experience (4 years).

Responsibilities

• Conduct security event monitoring, advanced analytics and response activities.
• Analyze information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents.
• Perform security event triage, incident investigation, implementing countermeasures, and conducting incident response.
• Monitor SIEM platforms and/or log management systems that perform log collection, analysis, correlation, and alerting.
• Analyze security events (windows event logs, network traffic, IDS events for malicious intent).
• Track activities within various Security Operation workflows.
• Identify and implement counter-measures or mitigating controls for deployment and implementation in the enterprise network environment.
• Perform Network Threat Hunting, Big Data Analytics, Endpoint Threat Detection and Response, SIEM, workflow and ticketing, and Intrusion Detection System activities.

Benefits

• Variety of medical plan options, some with Health Savings Accounts
• Dental plan options
• Vision plan
• 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match
• Full flex work weeks where possible
• Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
• Short and long-term disability benefits
• Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance