SOC Analyst
Role details
Job location
Tech stack
Job description
- Utilize alerts from endpoints, IDS/IPS, netflow, and custom sensors to identify compromises on customer networks/endpoints.
- Perform intermediate-level review of massive log files, pivot between data sets, and correlate evidence for incident investigations.
- Pass triaged alerts to senior-level SOC personnel and assist in identifying malicious actors on customer networks.
- Document analysis, findings, and actions in a case/knowledge management system.
- Creation and distribution of incident reports to customers and higher headquarters.
Requirements
Applicants must be comfortable supporting shift work in a 24/7 environment, have a minimum Top Secret clearance with ability to obtain SCI, and have at least 2 years of incident handling/response experience in a SOC environment., * Must have an active DoD Top Secret clearance with ability to obtain SCI
-
Must have DoD 8570 IAT II or higher certification (such as CompTIA Security+ CE, ISC2 SSCP, SANS GSEC, etc.) prior to starting.
-
Must be able to obtain DoD 8570 CSSP-Analyst certification (such as CEH, CySA+, GCIA, etc.) within 6 months of starting.
-
Must be willing to perform shift work on site; all shifts include weekend hours and inclement weather (SOC is deemed mission essential personnel).
-
Bachelor's degree and 4+ years of prior relevant experience; additional military service and/or relevant work experience may be considered in lieu of degree.
-
2+ years of prior incident handling/response experience.
-
2+ years of experience working in a SOC environment.
-
CND experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization.
-
Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
-
Sound understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
-
Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings
-
Demonstrated commitment to mentoring, training, self-study and maintaining proficiency in the technical cybersecurity domain and an ability to think and work independently
-
Strong analytical and troubleshooting skills.
-
Hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, Full Packet Capture), and other attack artifacts in support of incident investigations.
-
In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. ArcSight, Splunk, Nitro/McAfee Enterprise Security Manager, QRadar, LogLogic).
-
Experience and proficiency with any of the following: Anti-Virus, HIPS/HBSS, IDS/IPS, Full Packet Capture, Network Forensics.
-
Experience with malware analysis concepts and methods.
-
Unix/Linux command line experience.
-
Scripting and programming experience.
-
Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings.
-
Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.