Job Description

Jr. SOC Analyst

Client: TriWest

POP: 12+ months

Location: Remote

US Citizen

REQUIRED SKILLS

• Bachelor's Degree + minimum 3 years working in a 24x7x365 SOC environment.

• DoD Approved 8570 certification REQUIRED such as: CompTIA Security+CE, CCNA-Security, CySA+**, GICSP, GSEC, CND, SSCP

• Analyzing system and network logs for security events, anomalies, and configuration issues.

• Experience working with SIEM technology to monitor and manage security events.

• Background in incident response, system/network operations and threat intelligence.

• Experience utilizing enterprise security technologies such as SIEM/SOAR, NGAV/EDR, Vulnerability Scanners, and Threat Intelligence Platforms.

• Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and/or service requests.

• Understanding of possible attack activities such as network reconnaissance probing, DDOS, malicious code activity, etc.

• Experience SOC operations including but not limited to: Alert and notification activities- analysis / triage / response, Review and action on Threat Intel for IOCs and other operationally impactful information, initial review and triage of reported Incidents

• Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response

• Experience and ability to use and follow Standard Operating Procedures (SOPs)

• In-depth experience with processing and triage of Security Alerts; from multiple sources but not limited to: Endpoint security tools, SIEM, email security solutions, CISA, Threat Intel Sources

• Demonstrated experience with triage and resolution of SOC tasks; including but not limited to: vulnerability announcements, phishing email review, Tier 1 IR support, SIEM/Security Tools - alert analysis

• Demonstrated experience and understanding of event timeline analysis and correlation of events between log sources

• Demonstrated experience of the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools

• Demonstrated proficiencies with an enterprise SIEM or security analytics solution including the Elastic Stack or Splunk.

• Solid understanding and experience analyzing security events generated from security tools and devices not limited to: Crowdstrike and Palo Alto

• Experience and solid understanding of Malware analysis

• Understanding of security incident response processes

• Understanding and experience with Federal Security Standards such as NIST and DoD

• Understanding and experience with FedRAMP Cloud Security Requirements

TASKS

• Perform 24x7x365 Security Monitoring, Analysis and Response

• Support incident investigations, response, and reporting

• Security Reporting

• Vulnerability Analysis

• SOC ticket queue management

• Document actions taken and analysis in the authorized ticketing system to a level of detail where the actions taken and analysis are capable of being systematically reconstructed.

Job Tags

Similar Jobs