SOC Analyst

ASRC Federal, Alexandria, VA

About The Position

ASRC Federal is seeking a Cybersecurity Analyst to support the Department of Defense Education Activity (DoDEA) Enterprise Cyber Program. The SOC Analyst will support enterprise cybersecurity operations for a federal customer, assisting with Risk Management Framework (RMF) compliance, vulnerability management, security monitoring, and incident response, in collaboration with other cybersecurity personnel. The key responsibilities of the role are listed under Responsibilities below.

Requirements

  • Requires a Bachelor's degree and a minimum of 2-4 years of experience in a related or applicable field, or an equivalent combination of education and experience.
  • Must hold and maintain a DoD 8140 (IAT) certification, with at least one certification from each of the following two lists:
    ○ CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP
    ○ CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, PenTest+
  • Experience with SIEM tools such as Microsoft Sentinel.
  • Experience leading and managing SOC operations.
  • Subject matter expertise in analyzing network packets, SIEM alerts, and server and application logs to investigate incidents for anomalous/malicious activities.
  • Experience tracking incidents against a framework such as MITRE ATT&CK or Cyber Kill Chain methodology.
  • Able to perform in-depth analysis of advanced persistent threats (APTs) and map out the full threat lifecycle.
  • Active Secret Clearance Required

Nice To Haves

  • Experience with Microsoft Sentinel
  • Forensic investigation and malware analysis experience
  • Inquisitive, problem-solving oriented
  • Can-do attitude with a strong sense of ownership

Responsibilities

  • Monitor and analyze network traffic, system logs, and other security data for signs of malicious activity.
  • Leverage Security Information and Event Management (SIEM) tools to view and investigate security alerts and notable events.
  • Handle incidents through their full lifecycle: analyze, triage, contain, and remediate security incidents; recommend improvements to prevent recurrence; and, based on lessons learned, identify ways to expedite response to future incidents.
  • Communicate effectively and in a timely manner with technical and non-technical users.
  • Prepare situational awareness reports for the customer, its constituent bureaus, and/or Department management.
  • Develop and maintain manual and automated incident response playbooks.
  • Facilitate the development of SIEM detection and log ingestion strategies to improve SOC visibility.
  • Conduct forensic analysis of hosts and logs, and malware analysis, as deemed necessary.
  • Perform threat hunting based on newly reported adversary techniques.
  • Develop and implement security procedures to prevent future incidents.
  • Provide technical support to other members of the security team.
  • Stay up to date on the latest security threats and trends.
© 2024 Teal Labs, Inc