SOC Analyst – Level 3
Position is remote, contract is one (1) year or more with additional opportunities available upon completion.
The Senior Security Operations Center (SOC) Analyst position performs in a Senior Level Threat Hunter/Researcher role from an automation perspective. The Analyst will use advanced network and host-based tools to proactively search through datasets to detect and respond to imminent and potential threats that evade traditional security solutions. This role could roll into a technical lead for elevated threat management and security solutions identified by or reported to the SOC. The Analyst will be responsible for developing, and assisting in the development and advancement of, automation and integration technologies. The candidate should be capable of clear communication with varying audiences across the organization, in addition to seeking and building consensus where needed to achieve a strengthened security posture.
• Proactively hunt for and research potential malicious activity and incidents across multiple platforms using advanced threat network and host-based/open-source tools
• Use both internal and external threat intelligence to build indicators of compromise into monitoring tools, be able to integrate these tools with one another to provide data enrichment
• Use strong TCP/IP networking skills to perform network analysis to isolate and diagnose potential threats and anomalous network behavior
• Ability to automate networking and analysis tasks
• Be able to document code and automation efforts effectively, in a manner understandable to a non-programmer
• Report common and repeated problems (trend analysis) to management and propose/drive process and technical improvements
• Provide resolution plans for system and network issues
• Provide support in the detection, response, mitigation and reporting of real or potential cyber threats to the environment and be able to assist in the automation of these processes
• Track record of six or more (6+) years of experience as a Level 3 SOC Analyst performing incident handling, sensor alert tracking, and/or cybersecurity case management
• Must have experience programming in at least one of the following: Python, PowerShell, Bash, shell script, Batch, VBScript (Python experience preferable)
• Must have cybersecurity incident discovery and event management, network forensics, IPS/IDS, firewalls, content filtering technology, DLP, configuration management and monitoring, endpoint protection, database security and log collection and analysis understanding
• Strong working knowledge of security-relevant data, including network protocols, ports and common services, such as TCP/IP network protocols and application layer protocols (e.g. HTTP/S, DNS, FTP, SMTP, Active Directory etc.)
• Experience and keen understanding of cybersecurity tools, including McAfee SIEM/ePO/VSE/ENS, FireEye NX, Splunk, Quest, ServiceNow, Oracle
• Experience with network traffic analysis, malware analysis, raw packet captures, database technologies, web application technologies, firewall technologies, etc.
• Experience with cybersecurity forensics tools and methodologies (Disk, file and memory acquisition)
• Experience in tabletop exercises
• Extensive experience with network ports and protocols
• CSIS, CEH, CSTA, CSTP, GCFE, CISSP, GCIH, GCIA, or GPEN preferred
• Leading and/or directing security incident response
• Involvement in threat intelligence and cybersecurity communities